by nalllar 1266 days ago
Makes rather little sense if so, given it's a hardware key. The most likely cases where the key is used to do something that trips this afaict are:

* genuine key, user does something fine that trips a heuristic

* genuine key, user's device is compromised

In either of these cases removing the key is making the account less secure. Google also removed all the keys associated with the account instead of just the key that was used.

Having a YubiKey physically stolen and also knowing the details to log in with seems like it should be very rare.

If they're going to have a process that removes the keys, they need to be so confident that they lock the account and go through some sort of IDV process to turn it back on. Removing the keys and leaving you with just a password that you just set up on the device that just logged in using the key is obviously not the right approach if you think the key's compromised, because the password's just as compromised.