User Controls

2FA Hardware Key

  1. #1
    Bueno motherfucker
  2. #2
    Fonaplats victim of incest [daylong jump-start that nome]
    They are called "usb drives" grandpa...
  3. #3
    gadzooks Dark Matter [keratinize my mild-tasting blossoming]
    Interesting... I had never even heard of these until now.

    Kinda neat, I guess. It might have some useful niche use case applications.

    For regular old two factor authentication, why not just stick with phone based ones? Most people have their phone with them at all times.
  4. #4
    Bueno motherfucker
  5. #5
    Bueno motherfucker
  6. #6
    gadzooks Dark Matter [keratinize my mild-tasting blossoming]
    I'm considering getting one now just to play around with.

    But losing it (or it being stolen or something like that) seems like a potential downside worth considering. I guess having a backup method of authentication to get in and disable the physical key would be pretty feasible.
  7. #7
    Soyboy V: A Cat-Girl/Boy Under Every Bed African Astronaut [my no haunted nonbeing]
    The thing about usb keys is that it is being found that people are slightly less retarded with them than they are with passwords or even biometrics.
  8. #8
    Lanny Bird of Courage
    I use one of those RSA key fobs for work. It's pretty annoying to use because you have to read off numbers on the display and type them in in a given window. It is more secure than phone based 2FA because there's no communication between the fob and the service you're authenticating with, no opportunity for SIM duplication or MitM or whatever.
  9. #9
    Bueno motherfucker
  10. #10
    HTS highlight reel
    I have one for my battle.net account and there's one in the mail for FFXIV. They're kind of a waste for applications like that, but I buy them for pseudospiritual reasons. I will be buried with them.
  11. #11
    HTS highlight reel
    (PS: I thought this thread was going to be about snorting 2FA off of a key at first.)
    The following users say it would be alright if the author of this post didn't die in a fire!
  12. #12
    Bueno motherfucker
  13. #13
    Lanny Bird of Courage
    Originally posted by Bueno Talked to my mentor yesterday, he said he used them, something you can have it basically send your long password to the phone, but the issue is that someone can steal the key and pull the password off.

    Well ideally the key would have a time varying password, or a challenge/response sequence, so that if someone steals the key they can pull the password now but they can't predict what the password is going to be in the future without dismantling the thing and having intimate knowledge of how it's designed. This is the same reason it's so much more expensive to duplicate the chip part of a credit card than the mag strip.
  14. #14
    gadzooks Dark Matter [keratinize my mild-tasting blossoming]
    Are we assuming that, in the case of theft and/or loss, we won't know right away?

    What I originally envisioned is just having a backup method for authentication that uses an entirely different mechanism/password, and then, if you discover that you've lost the key, just override it using your backup mechanism and change the password.

    But, I guess if the key is found AND USED before you have the chance to realize it's missing... Then your shit is compromised.

    But doesn't two factor authentication require that whoever has your key also has access to your primary authentication method? What are the chances of that happening? Unless you're holding classified government secrets or, like, a bitcoin address and passphrase with millions of dollars on it. Then people will go to great lengths to hack your shit.
Jump to Top