d0ublespeak | 3 years ago

I think this is really cool and a smart way to approach this problem. That being said, the physical isolation of the YubiKey is what makes it useful. Having to physically press a button is the real isolating factor; the interaction is physical and not determined by a piece of software.

lazka|3 years ago

Imo that it's not phishable and that there is no secret on the target server is even more useful in practice. And both those properties don't require physical isolation.

kevincox|3 years ago

To nitpick: s/there is no secret on the target server/the target server never sees the secret/

With proper password storage the target server never keeps the password. Of course that is difficult to verify. With U2F the server can't store a secret they can't see.