Hacker News
by closeparen 2192 days ago
You leave the Yubikey in your computer, at least for the duration of your session, so you're just moving your hand a couple of inches to tap it. Contrast with fishing out an entirely different device, waiting for the push to arrive or navigating to the Duo app, etc. Push 2FA is also subject to the vagaries of your phone's current network connection and its latency.

For the specific combination of Macs with Touchbar and U2F and Chrome, you can already get this experience with onboard hardware. I expect most client devices will converge on having some kind of hardware-backed U2F credential built in. But Yubikey is more general right now. OTP is easy to implement and eminently compatible; it just presents as a keyboard and sends keystrokes. HMAC is great for not just authenticating but signing specific transactions. The GPG applet is just another GPG key, and the PIV applet is just another X.509 cert, so a number of applications can be upgraded to hardware-backed credentials with little or no change.
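An added example, not part of the comment above: a sketch of how an HMAC challenge-response credential can sign a specific transaction rather than just prove presence. The token is simulated in software, and HMAC-SHA1, the shared secret, the account names and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed 20-byte secret (assumption). On real hardware it is written to
# the token once and cannot be read back; the server keeps its own copy.
SHARED_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff01234567")


def make_challenge(transaction: dict, nonce: bytes) -> bytes:
    """Server side: bind a fresh nonce to the exact transaction fields."""
    canonical = json.dumps(transaction, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(nonce + canonical.encode()).digest()  # 32 bytes


def token_respond(challenge: bytes, secret: bytes = SHARED_SECRET) -> bytes:
    """Software stand-in for the token: HMAC-SHA1 over the challenge."""
    return hmac.new(secret, challenge, hashlib.sha1).digest()


def server_verify(transaction: dict, nonce: bytes, response: bytes,
                  secret: bytes = SHARED_SECRET) -> bool:
    """Recompute the challenge from the transaction the server will execute."""
    expected = hmac.new(secret, make_challenge(transaction, nonce),
                        hashlib.sha1).digest()
    return hmac.compare_digest(expected, response)  # constant-time compare


def demo() -> dict:
    tx = {"from": "acct-1001", "to": "acct-2002", "amount": "250.00"}
    nonce = secrets.token_bytes(16)
    response = token_respond(make_challenge(tx, nonce))
    tampered = dict(tx, to="acct-6666")  # payee changed after approval
    return {
        "genuine": server_verify(tx, nonce, response),
        "tampered": server_verify(tampered, nonce, response),
        "replayed": server_verify(tx, secrets.token_bytes(16), response),
    }


if __name__ == "__main__":
    print(demo())
```

Because the secret is shared, the server can compute valid responses too, so this shows the token approved this exact transaction but is not a signature a third party can verify.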