mkb on Nostr: Physical authentication tokens are only as good as the recovery mechanism when people ...
Physical authentication tokens are only as good as the recovery mechanism when people lose one. Make the recovery too easy and attackers can bypass your spiffy token. Make the recovery too difficult and you can lock yourself out.
The sole context where I’ve seen physical authentication tokens work well is at companies with well-staffed and highly responsive IT teams.
So before wiring anything up to that YubiKey, ask yourself what happens when you lose it.
Published at 2024-04-27 20:05:36