top | item 19568435

(no title)

ejholmes | 7 years ago

If you have a newer MacBook with TouchID, you can get similar benefits using https://github.com/sekey/sekey. Arguably better, because access is backed by biometrics (TouchID) so it's "something you are" (fingperint) + "something you have" (laptop) and quite a bit simpler than setting up GPG backend SSH keys.

discuss

order

busterarm|7 years ago

Uh, what?

You're just combining "something you have" + "something you have". Unlike with a Yubikey, your fingerprint will always be with you when you have your laptop.

Biometric access is a terrible idea if you don't combine it with "something you know". Access to your laptop can now be coerced or compelled at any time.

Every commercial biometrics system I've ever seen that's worth a damn at least combines it with a pinpad.

ejholmes|7 years ago

Obviously, depends on your threat model. I'd argue that being physically coerced ends up being a pretty low risk for most people. If you're just looking for something better than storing private key material on a hard disc, sekey is a pretty great alternative to using Yubikey + GPG.