top | item 44044728

(no title)

codalan | 9 months ago

In an ideal world, I'd just use Yubikeys for everything. The problem is that it's not universally supported (or only supports a limited number of keys), so now I have a hodgepodge of 2FA app or Yubikeys or, even worse, phone/email 2FA.

The great thing about Yubikeys is that I can associate backup keys for accounts (when they are supported), so if I lose one key, I can deactivate the lost key and use a backup key in its place.

With heavily locked-down 2FA apps, I have to hope I can do a full recovery on a new device, or go through the recovery code process, or start all over again w/ new 2FA codes. If I'm lucky, the app allowed me to have it installed onto a backup device.

It's way more complicated that just swapping in a new Yubikey.

discuss

No comments yet.