top | item 44044855

(no title)

codalan | 9 months ago

It sucks Yubikey (or other hardware based auth) isn't more prevalent in the financial/banking world. It helps mitigate a lot of types of attacks:

- No tokens to exfiltrate off a computer

- Avoids keylogger style attacks

- More durable than cell phones

That said, for people that have high amounts of money in certain accounts (> 1m), it might also present physical dangers (e.g. kidnapping, home invasion) for thieves attempting to get access to the hardware key.

discuss

foxyv|9 months ago

The rubber hose attack is always the most reliable and most dangerous method of breaching high value targets like this.

https://xkcd.com/538/