|
|
|
|
|
|
by smichel17
2196 days ago
|
|
|
I don't like taking my phone out while I work, since this is often a source of distractions. I also have to worry about keeping it charged and on me (it is much larger than the yubikey). I have to keep the authentication app, which is often proprietary, installed and up to date. I have to worry about retaining access if I lose, break, or want to upgrade my phone. I have to apply a different security model to my phone. I have to trust a third party (duo), and rely on their push notification infrastructure. There is an additional delay while I wait for the push notification. There is something I intrinsically like about pressing a hardware button. These are all relatively minor things, but they add up to a strong preference for the yubikey (I've used the simple blue u2f key with a button). After reflecting on this list, I think the security model is probably the biggest one. In more colloquial terms: I'm already used to keeping track of my keys with a certain amount of care. A yubikey does not require me to adjust my habits; it's just another key. |
|
|