There is a mega long thread in here about the great frustrations of switching completely to YubiKey at Vanguard. Unless they completely eliminate backdoor ways to reactivate SMS, then it’s just an illusion of security. For me, I’m ready to do it, but I think they still allow SMS for “I forgot my password”. Many here wish that Vanguard completely supported them. I would have thought many here would have set up hardware keys for Vanguard alone. Because at the time many of us had mobile phones with numbers (an identifying address) that could receive code over SMS. It is also the reason before the industry moved to authentication apps to circumvent the SIM swapping vulnerability is why we started with getting OTP codes over SMS. I disagree that 2FA using authentication apps generating OTP is done on your phone not because it will be noticed missing first but rather it is something many of us always have with us. ) to generate the OTP. Can you tell me what part of a Yubikey is hack-able and how would it be done? Just to clarify for others, the phrase of "the exact same system": means they use the same algorithm as defined by a specification (e.g., RFC 6238, 4226.

My phone also does not go to unknown websites or run unknown apps. My phone does exactly what I tell it to do but then I have a Pixel 6 Pro running GrapheneOS without the Google play store (yea that sucks as much as it sounds). The reason you run 2FA on a cell phone is because it's the one thing you notice is missing very quickly. The attack is far more sophisticated than just hitting the person in the knee with a $2 hammer until they give the passwords up, but then everything is hack-able. As far as the phone goes all of your examples are human issues not technology issues. It's only vulnerable to physical theft. A Yubikey is hack-able just not easily. There are many ways for a phone to be compromised. People use their phones after they stop getting security updates.
It's the exact same system, but there's a big difference in where you're storing the credentials.

Funny how the author glosses over the fact that the Authy app on my phone is the exact same OTP system as a Symantec VIP device without a text or e-mail.