Hacker News
by crispyporkbites 3035 days ago
What kind of uniformed user uses a YubiKey?

I suppose you could trick them by saying that the login process has changed and they need to enable WebUSB to let their YubiKey work.

4 comments

Uninformed users who have an informed friend looking out for them but not looking over their shoulder every single minute.

Not parent but great point, thank you.

This seems to indicate that DoD uses them. Perhaps it's mostly contractors, but there are probably some liaison-type uniformed people too:

https://www.yubico.com/about/reference-customers/department-...

The purpose of a YubiKey is to prevent users from making mistakes.

This phishing attack removes the benefit that YubiKeys provided.

Sure, a smart user can decline the permission prompt. But a smart user can also simply not enter their password into phishing pages.

tqbf, pinboard, and zeynep are handing them out to journalists.

There is an enormous need for some solution resistant to users who aren't good at identifying legitimate vs phishing sites. U2F as it stands is the only practical and deployed solution to that problem. It's infuriating that Chrome broke this security promise to compete with Microsoft.