[kwlug-disc] MFA security keys
Jason
jasonpa at gmail.com
Tue Oct 1 12:14:24 EDT 2024
My vote would be for Yubikey. The USB-C one is tiny, and we had a number
of CLI applications that used it for 2FA.
Just be sure to get a newer version that doesn't have the recently
discovered vulnerability:
https://www.theverge.com/2024/9/4/24235635/yubikey-unfixable-security-vulnerability-side-channel-explot
https://www.yubico.com/support/security-advisories/ysa-2024-03/
Jason
On Tue, Oct 1, 2024 at 11:44 AM Chris Irwin via kwlug-disc <
kwlug-disc at kwlug.org> wrote:
> On Mon, Sep 30, 2024, at 23:57, Paul Nijjar via kwlug-disc wrote:
>
> Has anybody experimented with these alternative keys? What have your
> experiences been? Are these now commodities that all Just Work, or do
> I have to be careful?
>
>
> I've had yubikeys, as well as Feitian [1], and Trustkey [2] (linked below,
> sorry for the amazon). They all seem to work equivalently.
>
>
> 1.
> https://www.amazon.ca/gp/product/B01M1R5LRD/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1
> 2.
> https://www.amazon.ca/gp/product/B08881651P/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1
>
>
> I don't think NFC is a security concern, so I wouldn't go out of my way to
> avoid it, even if it's a feature you don't expect to use.
>
> I currently have three tokens linked to all my accounts -- one of each of
> the above brands.
>
> --
> *Chris Irwin*
>
> email: chris at chrisirwin.ca
> web: https://chrisirwin.ca
>
>
>
> _______________________________________________
> kwlug-disc mailing list
> To unsubscribe, send an email to kwlug-disc-leave at kwlug.org
> with the subject "unsubscribe", or email
> kwlug-disc-owner at kwlug.org to contact a human being.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20241001/13840284/attachment.htm>
More information about the kwlug-disc
mailing list