Jump to content


2-factor authentication using YubiŽ-type keys

Today, 03:48 PM

Posted by Jeber in Security & Networking
One thing about computer technology; no matter how long you've been around, something new will always come along to make you feel like you don't understand a thing.

I'm all in favor of 2-factor authentication. I've long appreciated the weakness of passwords. But a recent incident involving a very popular password manager service, which I've used for over a decade and won't name because nothing that happened was their fault, I realized that there are serious shortcomings with depending on relying on 2-factor authentication that uses codes sent to you via text message or codes generated with a generator stored on your mobile device.

The only fool-proof method of 2-factor authentication available at the moment is to use a physical key, sold under brand names like Yubi® keys and easily available from Amazon or, now, Google. You still use a username and password on each site you want to make extra secure but you also need a physical key that, by USB, WiFi, Bluetooth or NFC, "unlocks" that site and allows access. Anyone else without your key but in possession of your username and password wouldn't be able to log in to the site.

Now that comprises just about everything I understand about these keys. Despite owning a set of USB and WiFi keys, I know little about actually using them. If just owning them made me more secure, I'd be all set. Unfortunately...

My primary question is; Are these keys used the same way a password manager is? In other words, can my credentials from multiple sites be stored on them? Every explanation I've seen in print or video relates to using them to secure a single, usually Google, account. But can I use a single key to access any site that lets me use one for 2-factor authentication? Another way to ask the same question, is the key assigned to me as an individual or is it assigned to the site I first use it on? If I register it as a device to allow me access to my bank does it erase the credentials that allow me to access my Gmail, or will it authenticate me on any site where I've registered it as me? I can't imagine the developers expect us to carry a key for each service we want to use one for, but there are a lot of things I can't imagine that turn out to be the case.

24 Views · 11 Replies ( Last reply by securitybreach )


Adobe Reader DC and Adobe Acrobat DC Critical Security Update Released

21 Feb 2019

Posted by Corrine in Security & Networking
Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address a reported bypass to the fix for CVE-2019-7089 first introduced in 2019.010.20091, 2017.011.30120 and 2015.006.30475 and released on February 12, 2019. Successful exploitation could lead to sensitive information disclosure in the context of the current user.    

Release date:  February 21, 2019
Vulnerability identifier: APSB19-13
Platform: Windows and MacOS

Update or Complete Download
Reader DC and Acrobat DC were updated to version 2019.010.20098. Update checks can be manually activated by choosing Help & Check for Updates.

    Reader DC and other versions are available here:  https://www.adobe.co...latform=Windows
    Acrobat DC for Windows is available here:  http://www.adobe.com...latform=Windows

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

142 Views · 0 Replies


Pale Moon Version 28.4.0 Released With Security Updates

19 Feb 2019

Posted by Corrine in Social Media
Pale Moon has been updated to version 28.4.0.  This is a major development, stability and security release. The Linux versions will follow later today.

Note that the update includes fixes identified as "DiD" ("Defense-in-Depth") which means that it is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.  

Release Notes

379 Views · 0 Replies

Latest Discussions

Site Navigation

Online Users

0 members, 72 visitors and 0 anonymous users

Bing, Google

Portal v1.1.0 by DevFuse | Based on IP.Board Portal by IPS