Hi, 

In my experience, YubiKeys are not very secure. I know of someone in my team 
who would generate a few hundred tokens during a meeting and save the output in 
a text file. Then they'd have a small Python script which was triggered by a 
hotkey on my MacBook to push "keyboard" input. They did this because the org 
they were working for would make you use YubiKey auth for pretty much 
everything, including updating a simple internal Jira ticket. 

Thanks, 

Sabri 

----- On Mar 23, 2020, at 1:26 PM, Eric Tykwinski <eric-l...@truenet.com> 
wrote: 

> I’ve already been playing with YubiKeys, but sadly Google Titan wouldn't work
> with Windows Hello.
> Might be something I was doing wrong...

> Sincerely,

> Eric Tykwinski
> TrueNet, Inc.
> P: 610-429-8300

>> On Mar 23, 2020, at 4:21 PM, Peter Beckman <beck...@angryox.com> wrote:

>> Software-based TOTP offers more security than no one-time passwords, but
>> admittedly less than the physical tokens. Google Authenticator, Authy,
>> 1Password, LastPass all support TOTP.

>> On Mon, 23 Mar 2020, Alexandre Petrescu wrote:

>>> I don't know where people are about supporting VPN and one-time passwords on
>>> tokens.

>>> At my work place a few people don't have tokens (OTP - One Time Passwords). The
>>> reserve of these tokens has been exhausted. New ones are on order. Until
>>> then some people can't get on VPN.

>>> Some people forgot their token on their desk and had to travel to office to
>>> get it, a thing not good to do to go to office now.

>>> Some (not sure) might have issues with syncing these devices. An OTP token has a
>>> certain skew about clock, and a battery that lasts long. Hopefully, one's token
>>> has been synchronised recently and the battery is new. The length of time one
>>> can't go to office might be anywhere between 21 days (announced) and 2 months
>>> (experience e.g. in Wuhan still closed). Sometimes the synching of clock can be
>>> performed remotely, and some 'coin' batteries can be replaced by the person
>>> with skill and tools, could be extracted from a quartz watch for example.

>>> An OTP device can be of many kinds. Some people keep OTPs on paper (I did some
>>> time ago). Some OTP devices are like Japanese 'Tamagotchi' format, others like a
>>> credit card format.

>>> Alex, LF/HF 3

>>> On 23/03/2020 at 20:47, Mark Tinka wrote:

>>>> On 23/Mar/20 21:20, Peter Beckman wrote:

>>>>> But also:

>>>>> "The categories of people who will be exempted from this lockdown
>>>>> are... those involved in the production, distribution and supply
>>>>> of... telecommunications services"

>>>>> https://www.cnbcafrica.com/news/2020/03/23/breaking-nationwide-lockdown-announced-in-south-africa/
>>>>> I think most anyone on this list could be considered exempt.
>>>>> I do hope the same will be true should our respective local and national
>>>>> governments take similar action.

>>>> Yes, a number of "essential services" have been identified as needing to
>>>> continue to operate under special dispensation during the lockdown, and
>>>> telecoms falls within that.
>>>> The details of the implementation of the dispensation may be nuanced.
>>>> Experience will tell us more in the coming days.
>>>> Mark.

>> ---------------------------------------------------------------------------
>> Peter Beckman Internet Guy
>> beck...@angryox.com http://www.angryox.com/
>> ---------------------------------------------------------------------------
