No, it's not. We need less shoddy practices to develop software, e.g. mandatory 4-eyes process for security-critical changes, threat modelling, and maybe more Hardware Security Modules that encrypt critical information.<p>And if you need a second factor, I'm sure any smartphone-based TOTP will do. People already guard their smartphone well. No extra key fob needed.
Yubikeys are useless when someone can reset your password or 2FA using personally identifiable information that was just leaked. A lot of us who practice good security will be PWNED through large scale data leaks. Whenever I sign up, I sign up with fake information, and so should you. Most services will not KYC you, so just lie.
Bought a YubiKey on sale a few years ago. Not usable for mobile in that model (4?) (but I knew it in advance of course). Then found out that most of the sites don't accept it in Firefox, only in Chrome and its clones. And so it is collecting dust somewhere in my old apartment.
The fact that there are other ways to circumvent 2FA highly depends on companies' practices. Using fake information is a good start but even without fake info I still am trying to regain access to the majority of my 2FA'ed accounts since last December.
The YubiKey is not the single answer for this problem. The right approach will depend on the specific needs of each user.<p>More importantly, MFA needs to be more widely adopted and the account recovery process needs to be hardened.
Related:<p><i>EUCLEAK Side-Channel Attack on the YubiKey 5 Series</i><p><a href="https://news.ycombinator.com/item?id=41434500">https://news.ycombinator.com/item?id=41434500</a>
Nope. It’s an add-on, but you can lose them. I am a bit flabbergasted that corporates are now handing them out like candy, but only one to a user. And if they lose them, they can’t even log in to request another.
Yubikey will never prevent your data from being leaked. They didn’t crack your password.<p>But a random, unique password prevents further harm. They can’t get data from another site just because they hacked this one.<p>Have random, unique passwords. Use a password manager. Done.
An even better analogy would be food safety enforcement for large food processors: not wearing a seatbelt makes the author’s proposal seem like it’s about you, when it really is about well-needed criminal penalties for FooCoGotPwned Ops (where FooCoGotPwned isn’t in tech, health, or finance.) Otherwise, like listeria in your liverwurst, it’s only a matter of time until you get hacked.<p>The only current remedy is a class action lawsuit which will eventually give you a pittance after many years, and it’s pathetic.
<a href="https://ninjalab.io/eucleak/" rel="nofollow">https://ninjalab.io/eucleak/</a> the timing lol<p>Extraction of the ECDSA secret key of Yubikey 5 series FIDO devices