mimming | 7 years ago | on: Global, U.S. Growth in Smartphone Growth Starts to Decline
mimming's comments
mimming | 7 years ago | on: Beyond Passwords: 2FA, U2F and Google Advanced Protection
Generally yes, but the admin has the power to either enforce it (for some or all users) or disable it domain wide.
If you were to create a new GSuite domain today, it'd be allowed for all users.
mimming | 7 years ago | on: Beyond Passwords: 2FA, U2F and Google Advanced Protection
Yes google does.
The spec strongly encourages providers to allow multiple keys, and allow you to nickname them.
As far as I know everyone allows as many keys as you like except Vanguard and Amazon AWS (which both also only accept Yubico keys)
mimming | 7 years ago | on: Beyond Passwords: 2FA, U2F and Google Advanced Protection
You use a less convenient backup authentication.
The specifics depend on the use case, but even if you fall back to something less secure like an email and TOTP, you still come out ahead overall because most authentications are done by U2F.
mimming | 7 years ago | on: Beyond Passwords: 2FA, U2F and Google Advanced Protection
Essentially it borrows the protections from TLS. Here's a link to the relevant part of the spec: https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fid...
(Sorry if this comes across as RTFM, but I figured the source is better than my attempt at explaining)
mimming | 7 years ago | on: AWS now supports U2F/Yubikeys
Aw, that's a bummer. First Vanguard and now AWS support only Yubikey brand U2F devices. I wonder why that's happening?
Hopefully this practice remains limited. I really don't want haul a bag of different security keys around with me to access all of my services.
mimming | 7 years ago | on: AWS now supports U2F/Yubikeys
They mention Yubikey a lot by name in the post. Has anyone tried a U2F device from a different manufacturer?
mimming | 7 years ago | on: Google Unveils Titan Security Key, a Yubico-Like Phishing Resistant 2FA Device
It’s not as big of a deal as you might expect because:
- The spec requires providers to allow independent addition / removal of multiple keys per account, so it’s easy to manage backup U2F keys.
- Providers can use any backup authentication method they want. This includes SMS codes, TOTP / HOTP apps, email resets, or maybe VCing in to tech support.
And even if the backup method is less awesome (e.g. sms codes) it still reduces your risk because because you use it less often.
[edit for formatting]
mimming | 7 years ago | on: Big Bang telescope finale marks end of an era in cosmology
That’s starting to be the case. Check out https://projectpanoptes.org It’s network of ~$5000 exoplanet robotic survey telescopes. There’s also https://skynet.unc.edu/ which is aimed at larger scopes.
mimming | 7 years ago | on: Google: Security Keys Neutralized Employee Phishing
The protocol specifics 3 transport options with this in mind: usb, nfc, and Bluetooth.
As others mention, nfc works great for android. Bluetooth is your only option for iOS, and it’s clunky because you have to deal with pairing.
mimming | 7 years ago | on: Google: Security Keys Neutralized Employee Phishing
The U2F-Zero is about $9, and the cheapest U2F device I know of. They work well, but aren’t as durable as other options.
mimming | 8 years ago | on: Repl.it 1.0: IDE that Grows from Playgrounds to Fullstack Apps
The teacher you're thinking of from last year is me :)
Thanks a lot for the great classroom product, and your support. It made my work a lot easier.
mimming | 8 years ago | on: Ask HN: What did you work on in 2017?
I started streaming coding on Twitch - https://twitch.tv/mimmingcodes
It’s rekindled my excitement of using the Internet to share knowledge.
mimming | 8 years ago | on: Ask HN: Projects that don't make you money but you're doing it out of sheer joy?
http://dinopacks.com
I fill out those 'other comments' on order forms with a request for a dinosaur drawing.
mimming | 8 years ago | on: Windows XP at Defcon: Preparation
Thanks! Please do say hi in person if you see me :)
mimming | 9 years ago | on: Google Glass is getting a second life in the manufacturing industry
This is the best option I've seen: https://www.vufine.com
mimming | 9 years ago | on: Bay Area Bike Share is one of the least-used systems in US, costs $5k per bike
Also, as I sadly discovered, beyond a 2 second LED blip, there's no way to verify a successful bike dock. And a botched docking could cost you $1200.
mimming | 9 years ago | on: Ask HN: What have you achieved in 2016?
I wanted to get better at speaking and lecturing, so presented about 80 times.
I convinced a few people to draw me dinosaurs.
mimming | 9 years ago | on: Ask HN: What “missing” technical solution(s) do you wish existed?
Kind of like the rememberance agents the early wearable computing people used? http://alumni.media.mit.edu/~rhodes/Papers/wear-ra.html
mimming | 9 years ago | on: Ask HN: What “missing” technical solution(s) do you wish existed?
I started to take a swing at the comments part a couple years ago with firebase: https://github.com/mimming/firebase-jekyll-comments
page 1
It reduces the urge to whip out my mobile device at every moment of mild boredom, and collaborative apps like ported board games shine.
The one downside is that I look pretty silly when taking photos.