ctietze,
@ctietze@mastodon.social avatar

Listening to a talk at a local meetup.

sounds like a cool thing to have for this for device-bound passkeys.

But:

How does YubiKey earn one’s trust?

With everything home-cooked one knows who’s responsible for damage. With 3rd party, you’re still to blame to trust the wrong company :/

mafe,
@mafe@layer8.space avatar

@ctietze IMHO they don't. Although the certificate stored in the device looks safe enough, they have awesome support for Linux and Intel-based Macs (guess the issues with M2 are worked on) and it's a pretty good idea to store your password store access key outside the machine it's running on, I'm always afraid some day the thing just stops working and I locked myself out of everything.

That's why I do like but don't trust them.

ctietze,
@ctietze@mastodon.social avatar

@mafe I’d be worried about data loss, corruption/bit rot but also that it actually securely does what it says. It’s so opaque it seems

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • GTA5RPClips
  • DreamBathrooms
  • thenastyranch
  • magazineikmin
  • Durango
  • cubers
  • Youngstown
  • mdbf
  • slotface
  • rosin
  • ngwrru68w68
  • kavyap
  • tacticalgear
  • ethstaker
  • JUstTest
  • InstantRegret
  • Leos
  • normalnudes
  • everett
  • khanakhh
  • osvaldo12
  • cisconetworking
  • modclub
  • anitta
  • tester
  • megavids
  • provamag3
  • lostlight
  • All magazines
    •