On Sat, Nov 13, 2021 at 03:34:12PM -0800, lists wrote:
[..] Now Yubikey at least has my attention. But people often leave the key plugged into their notebook. Very true with the Google equivalent which I have heard from Google employees. The keys themselves aren't exactly transferable, but when you have physical access then all bets are off.
Yubikeys are available in several form factors. Not all of them can readily be left plugged in - at least, not into a portable device. The larger Yubikeys stick out too far and would likely fall out or get broken if left plugged in.
So, if you don't want laptop users leaving their keys in their devices, give them larger format Yubikeys. (Or Nitrokeys, see below.)
If someone fool actually paid me to be sysadmin, I would use a Yubikey. [..]
Yubikeys are decent in many respects, but not entirely unproblematic:
https://en.wikipedia.org/w/index.php?title=YubiKey&oldid=1053509936#Security_issues
For portable hardware security tokens with a better security track record (to my knowledge, anyway), see:
https://en.wikipedia.org/wiki/Nitrokey
Also possibly of interest:
https://www.gniibe.org/category/fst-01.html
-- A: When it messes up the order in which people normally read text. Q: When is top-posting a bad thing?
() ASCII ribbon campaign. Please avoid HTML emails & proprietary /\ file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.