phone would be better in this case. If someone wanted to steal your login they'd need to unlock your phone and get the time-sensitive code.
It doesn't hurt to have multi-factor auth as long as you can manage it.
I have a KeePass database that requires a Google auth from phone AND 2 key files from 2 separate drives along with the password.
Isaac Wright
So what's the point of a yubikey if a phone authenticator app is better? Why do so many people use them?
Michael Peterson
Well I just googled this and it seems pretty legit. So what exactly are the advantages for it though, and can someone give me a real life situation where it'd be useful to have?
Aiden Green
What the hell do you have there that you need that much protection?
Or are you just paranoid?
Owen Roberts
It might be a requirement for his company
Lucas Sanchez
If you get malware on your phone, it could read out all the secrets from your authenticator app. Yubikey avoids this by being a separate piece of hardware that you don't do anything else on.
Asher Murphy
One of the key files is stored in the company's servers (not a fan but had to). Other is my own. The key files are a one time thing just to prevent logins from new devices.
The database is ~10MB so I got a lot to lose
Jeremiah Cruz
2 factor with a special phone you never tell anyone about works
Dominic Ward
You can more easily fit a Yubikey up your ass. So when you get robbed they still won't have the key to get into your accounts.
Aiden Sanchez
Someone can steal the authentication seed from the phone. It's much harder to do from the key.
Yubikey can do NFC, so you can use it to 2 factor auth the 2 factor auth on your phone. (Yo dawg...)
Yubikey also works as a PGP card, which is fucking awesome.
Michael Sullivan
Phone companies have a history of being very lenient about security and don't think twice about handing a duplicate of your SIM to someone else, leaking your SMS or reusing your number if you stay offline for too long.
Matthew Bennett
Two-factor authentication is critically important for all orgs to implement, but hardware-based security keys are quantum leaps ahead. They're not hackable and protect users from phishing in the way one-time passwords do not.
Luis Ross
How is plugging in a USB key any more secure than typing in an OTP?
Nolan Thompson
cryptographic signature cannot be phished
Michael Gutierrez
Because you have complete physical control over your USB key
Eli Walker
You have complete physical control over an OTP written on a scrap of paper.
Juan Torres
Firefox still does not support U2F
fuck
Carson White
But where do those scraps of paper come from?
William Turner
A tree.
Leo Roberts
But what if the tree was compromised?
Anthony Flores
What if the USB key is compromised?
Connor White
>OTP
>scrap of paper
How do you get the next OTP?
Camden Phillips
Calculate it manually based on the seed.
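What "calculate it from the seed" involves, as an added example that is not part of the original thread: a standard-library TOTP (RFC 6238 over RFC 4226 HOTP) with a server-side check. It shows that the seed alone determines every future code, which is why the posts above treat a seed read off a phone as equivalent to the second factor itself. The function names and the sample seed (taken from the RFC test vectors) are choices made for this example.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(seed: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP where the counter is the number of `step`-second periods."""
    return hotp(seed, max(int(now) // step, 0), digits)


def decode_seed(b32: str) -> bytes:
    """Seeds are usually displayed as base32, often spaced, lowercase, unpadded."""
    cleaned = b32.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def verify(seed: bytes, submitted: str, now: float, window: int = 1, step: int = 30) -> bool:
    """Server-side check: accept the current period and `window` periods either side."""
    matched = False
    for drift in range(-window, window + 1):
        expected = totp(seed, now + drift * step, step, len(submitted))
        matched |= hmac.compare_digest(expected, submitted)  # constant-time compare
    return matched


# Constructed sample: the shared secret used in the RFC 4226 / RFC 6238 test vectors.
RFC_SEED = b"12345678901234567890"
RFC_SEED_B32 = base64.b32encode(RFC_SEED).decode()

if __name__ == "__main__":
    seed = decode_seed(RFC_SEED_B32)
    print("code at T=59:", totp(seed, 59, digits=8))
    print("code now:    ", totp(seed, time.time()))
    # The check only proves knowledge of the seed, not which device or site produced the code.
    print("verifies:    ", verify(seed, totp(seed, time.time()), time.time()))
```

Nothing in `verify` ties a code to the device that generated it or to the site that asked for it, which is the gap the hardware-key posts in the thread are pointing at.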
Connor Roberts
I wish more people understood this. This is the whole point of the yubikey!
Elijah Barnes
So, is there an actually recommendable secure smartphone?
Jaxson Butler
I read somewhere that if you link yubikey to a LastPass account then the yubikey will store the decryption string instead of the LastPass server.
Alexander Hill
It isn't better. Anything on a phone is more vulnerable compared to a dedicated hardware token.
Brayden Evans
Friendly reminder that Yubico has replaced all open-source components that made yubikey NEOs so awesome with proprietary closed-source code in Yubikey 4s. Do not buy.
Instead, either get the Yubikey NEO or check out nitrokey.com/