15 Oct 2018, 06:44 AM   #4
TenFour
Master of the @
 
Join Date: Feb 2017
Location: USA
Posts: 1,746
General observations trying a Yubikey. Yes, Chrome is the browser you need, and sometimes there are issues with various Linux distros. I managed to get it to work with some and not with others. However, my bottom line is that email is something I need to log into almost anywhere at any time, and if for some reason I don't have the Yubikey I need a fallback option, which basically defeats the purpose of the Yubikey, doesn't it? In other words, let's say the fallback is either SMS or email authentication--well, the hackers could also use those to fall back on and they are much easier to hack. You can use an authenticator app with some email services as the fallback option, but why not just use that as the primary means if you have it as a fallback? I do keep backup codes, but I don't carry those around with me. So far I'm not seeing the great advantage of a Yubikey over just using an authenticator app for important accounts, assuming your preferred service allows the use of one or both. One thing I have wondered about is why services couldn't just have a secondary PIN number that only you know and they have no access to? In other words, you need your username and password to log in, and then you are presented with a timed box where you must enter your secret PIN that only you know. You might have 10 seconds and only three tries and then your account would be locked for some period of time. Seems like in practical use it would be just as secure as a Yubikey or an authenticator app without all the hassle.