|
|
|
|
|
|
by lwf
3813 days ago
|
|
|
> Facebook, Google, and the DOD all rely on yubikeys now to mitigate a lot of remote attack vectors. Yes, but not as the sole factor. I've overseen a rather large deployment of Yubikeys, and I believe they provide a huge security improvement compared to other second-factor alternatives. > The only way I know to mitigate an attacker hijacking keys like this without significantly inhibiting workflow is configuring automatic ejection and re-enumerate the device on touch. Agreed. I was very happy when this was added in the YubiKey IV. |
|
|