Bolt
@boltx@mastodon.social

@markwyner@mas.to By physical passkeys, do you mean something like a Yubikey using U2F/FIDO2 that have been around for years, or the new "passkey" standard where sites just save a little digital credential in your browser/OS/phone's password manager, except stored on a standard USB stick?

Either way, it's often the case that sites using these give you backups, such as saving multiple passkeys, adding multiple hardware security keys, or also adding other 2FA like an authenticator app or backup codes.

Mark Wyner Won’t Comply :vm:
@markwyner@mas.to

@boltx@mastodon.social I’m actually talking about the Yubikey kind of thing. I need to update my post to be clear about that.

Are you saying with the Yubikey-type of hardware, you can have more than one? Do we know how hackable they are? Say if you lose it and someone gets ahold of it?


08956495
@08956495@infosec.exchange

@markwyner@mas.to @boltx@mastodon.social https://idtechwire.com/yubikeys-can-be-hacked-but-it-costs-about-11k/

Exploits exist but they would need to get a hold of your key, the key has a PIN that you have to enter to set up the 2FA in any device/account, and if you lose your key, I don't think there is a way to track the accounts linked to it.

As people already mention, have one as a backup, but it is usually a very secure way to handle 2FA.