by smaudet
1477 days ago
To echo the sibling commenter, perhaps this rule applies: When dealing with hardware, hardware access tokens should be required.
When dealing with software, software access tokens should be required. That way, you never have hardware compromised by remote tokens, and you never lose access to your software because you lost some hardware. E.g., hardware tokens to log in to a laptop, but only a software token (password) to get on a flight. Of course there are a lot of use-cases in between with varying needs (escrow boxes with digital locks, intelligence services who need to verify the identity of their agents when entering/exiting premises), but I posit those come with requirements outside of the "ordinary".