|
|
|
|
|
|
by f0ff
2084 days ago
|
|
|
I'd hazard saying that the purpose of a YubiKey is to provide two factor authentication. A YubiKey acts as an item, posession of which implies identity. When you allow for the YubiKey to be activated without human interaction, it's moved from domain of posession into the domain of knowledge - identifying party needs to know where to knock, not to possess they key. It's no better than appending the URL at the end of your password. If you allow for a YubiKey, or any other physical artifact in that matter, to be remotely invoked it negates its utility as an authentication factor in the physical domain. |
|
|
And the setup in the article isn't even remote access. If the only way it can be triggered is a local button press, you're golden.