[tialaramex]

I'm actually not sure for this type of attack how much I'd value OTP authenticators over SMS. They are both vulnerable to phishing in the same way.

What I'd like to see a lot more of is WebAuthn specifically, rather than "hardware keys" generally. It's frustrating to me that the outfits I deal with only have OTP and not WebAuthn.

[pavel_lishin]

To phishing, yes, but not to SIM card cloning/social engineering your cell phone provider shenanigans.

[everybodyknows]

Anyone have a short list of registrars who support Yubikey (or competitors)?

[blowfish721]

Gandi.net seems to support it https://www.yubico.com/works-with-yubikey/catalog/gandi-net/ There’s a short list found here with supported sites including registrars https://www.yubico.com/works-with-yubikey/catalog/

[alfiedotwtf]

When 2FA is not enough... https://fastmail.blog/2014/04/10/when-two-factor-authenticat...

[fckthisguy]

They do, I use it.