On Mon, Dec 16, 2024 at 2:42 AM 🦓 <czybo...@gmail.com> wrote:
>
> YubiKeys is a password manager in a dongle, thus the exact opposite of
> passwordless. Your dogs and your goats are passwordless, they reliably serve
> you but have a built in immune system with redundancies protecting them from
> abuses of their passwordlessness.
You don't understand YubiKeys, their capabilities, and Universal
Second Factor. The security requirements of U2F are a token that has:
1. high entropy
2. replay resistant
3. phishing resistant
Passwords may satisfy (1), but they completely fail at (2) and (3).
And your original problem statement stated memorization was the
problem you were trying to solve. Even if a YubiKey serves up a fixed
password (which it does not), then it solves your memorization
problem.
I have no idea what dogs and goats have to do with things.
Jeff
> Op zo 15 dec 2024 om 15:35 schreef Jeffrey Walton <noloa...@gmail.com>:
>>
>> On Sun, Dec 15, 2024 at 6:47 AM 🦓 <czybo...@gmail.com> wrote:
>> >
>> > my mother is currently struggling to memorize all of my dead stepfather's
>> > identities and passwords and that makes me wonder how would you like an
>> > internet of hosts who store everything undeletably and barrierlessly
>> > readably with no secrets whatsoever to humanity nor any other natural or
>> > artificial or divine intelligence? i know this sounds like a question
>> > for debian-devel or debian-policy but i m dumping it onto debian-user as
>> > as of now i m not subscribed to any other.
>>
>> For some of the larger sites you can use a YubiKey. YubiKeys use the
>> FIDO/FIDO2 protocols. I believe WebAuthn also supports YubiKeys.
>>
>> But I found a lot of sites do not support FIDO/FIDO2 protocols. For
>> example, most banks and my mother's credit union do not support them.
>> In this case, I send a letter to the company's legal department and
>> put them on notice. (I also point out the problems with their current
>> authentication system).
>>
>> If you start switching to YubiKeys, then be sure to use two of them.
>> The second is a backup YubiKey, and it also gets enrolled when you
>> convert the account. The backup YubiKey is used in case the first
>> YubiKey is lost.
