I'm all in favor of 2-factor authentication. I've long appreciated the weakness of passwords. But a recent incident involving a very popular password manager service, which I've used for over a decade and won't name because nothing that happened was their fault, I realized that there are serious shortcomings with depending on relying on 2-factor authentication that uses codes sent to you via text message or codes generated with a generator stored on your mobile device.
The only fool-proof method of 2-factor authentication available at the moment is to use a physical key, sold under brand names like Yubi® keys and easily available from Amazon or, now, Google. You still use a username and password on each site you want to make extra secure but you also need a physical key that, by USB, WiFi, Bluetooth or NFC, "unlocks" that site and allows access. Anyone else without your key but in possession of your username and password wouldn't be able to log in to the site.
Now that comprises just about everything I understand about these keys. Despite owning a set of USB and WiFi keys, I know little about actually using them. If just owning them made me more secure, I'd be all set. Unfortunately...
My primary question is; Are these keys used the same way a password manager is? In other words, can my credentials from multiple sites be stored on them? Every explanation I've seen in print or video relates to using them to secure a single, usually Google, account. But can I use a single key to access any site that lets me use one for 2-factor authentication? Another way to ask the same question, is the key assigned to me as an individual or is it assigned to the site I first use it on? If I register it as a device to allow me access to my bank does it erase the credentials that allow me to access my Gmail, or will it authenticate me on any site where I've registered it as me? I can't imagine the developers expect us to carry a key for each service we want to use one for, but there are a lot of things I can't imagine that turn out to be the case.
24 Views · 11 Replies ( Last reply by securitybreach )
Release date: February 21, 2019
Vulnerability identifier: APSB19-13
Platform: Windows and MacOS
Update or Complete Download
Reader DC and Acrobat DC were updated to version 2019.010.20098. Update checks can be manually activated by choosing Help & Check for Updates.
Reader DC and other versions are available here: https://www.adobe.co...latform=Windows
Acrobat DC for Windows is available here: http://www.adobe.com...latform=Windows
Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.
Note that the update includes fixes identified as "DiD" ("Defense-in-Depth") which means that it is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.
2-factor authentication using YubiŽ-type keys
Jeber - Today, 03:48 PM
Adobe Reader DC and Adobe Acrobat DC Critical Security Update Released
Corrine - Feb 21 2019 02:17 PM
Pale Moon Version 28.4.0 Released With Security Updates
Corrine - Feb 19 2019 08:39 AM
sunrat - Feb 14 2019 07:04 PM
Hackers wipe US servers of email provider VFEmail
securitybreach - Feb 12 2019 07:49 PM
Mozilla Firefox Version 65.0.1 Released with Security Updates
Corrine - Feb 12 2019 07:14 PM
Microsoft Security Updates for February, 2019
Corrine - Feb 12 2019 03:29 PM
Adobe Flash Player Updates Released
Corrine - Feb 12 2019 11:07 AM
Jon "maddog" Hall talks Unix and Linux history
securitybreach - Feb 11 2019 10:58 PM
VirtualBox, youtube tutorial was a big help
wa4chq - Feb 11 2019 12:35 PM
Still Trailing Edge
raymac46 - Feb 09 2019 10:54 AM
No longer being shown goto options
crp - Feb 03 2019 05:15 PM
How to install Linux on Android without root
securitybreach - Feb 02 2019 12:38 PM
comm, rsync, Fslint, Meld - compare stuff
sunrat - Jan 31 2019 03:18 AM
wa4chq - Jan 30 2019 06:33 PM