On Mon, Dec 16, 2024 at 2:59 AM 🦓 <czybo...@gmail.com> wrote:
>
> You do not understand your own mistrust.  You are trying to make it 
> unnecessarily difficult to use your tool.  How would you like a spoon that 
> phishing-resistently refuses to spoonfeed you unless you have sufficiently 
> identified yourself as an authority-authorized credit card owner?

Whatever... *Plonk*

> Op ma 16 dec 2024 om 08:49 schreef Jeffrey Walton <noloa...@gmail.com>:
>>
>> On Mon, Dec 16, 2024 at 2:42 AM 🦓 <czybo...@gmail.com> wrote:
>> >
>> > YubiKeys is a password manager in a dongle, thus the exact opposite of 
>> > passwordless.  Your dogs and your goats are passwordless, they reliably 
>> > serve you but have a built in immune system with redundancies protecting 
>> > them from abuses of their passwordlessness.
>>
>> You don't understand YubiKeys, their capabilities, and Universal
>> Second Factor. The security requirements of U2F are a token that has:
>>
>>     1. high entropy
>>     2. replay resistant
>>     3. phishing resistant
>>
>> Passwords may satisfy (1), but they completely fail at (2) and (3).
>>
>> And your original problem statement stated memorization was the
>> problem you were trying to solve. Even if a YubiKey serves up a fixed
>> password (which it does not), then it solves your memorization
>> problem.
>>
>> I have no idea what dogs and goats have to do with things.
>>
>> Jeff
>>
>> > Op zo 15 dec 2024 om 15:35 schreef Jeffrey Walton <noloa...@gmail.com>:
>> >>
>> >> On Sun, Dec 15, 2024 at 6:47 AM 🦓 <czybo...@gmail.com> wrote:
>> >> >
>> >> > my mother is currently struggling to memorize all of my dead 
>> >> > stepfather's identities and passwords and that makes me wonder how 
>> >> > would you like an internet of hosts who store everything undeletably 
>> >> > and barrierlessly readably with no secrets whatsoever to humanity nor 
>> >> > any other natural or artificial or divine intelligence?   i know this 
>> >> > sounds like a question for debian-devel or debian-policy but i m 
>> >> > dumping it onto debian-user as of now i m not subscribed to any 
>> >> > other.
>> >>
>> >> For some of the larger sites you can use a YubiKey. YubiKeys use the
>> >> FIDO/FIDO2 protocols. I believe WebAuthn also supports YubiKeys.
>> >>
>> >> But I found a lot of sites do not support FIDO/FIDO2 protocols. For
>> >> example, most banks and my mother's credit union do not support them.
>> >> In this case, I send a letter to the company's legal department and
>> >> put them on notice. (I also point out the problems with their current
>> >> authentication system).
>> >>
>> >> If you start switching to YubiKeys, then be sure to use two of them.
>> >> The second is a backup YubiKey, and it also gets enrolled when you
>> >> convert the account. The backup YubiKey is used in case the first
>> >> YubiKey is lost.
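
The three U2F properties listed in the quoted reply, shown as a challenge-response sketch. This is an added example, not part of the thread: `Token`, `RelyingParty` and both origins are constructed names, and an HMAC key shared at enrollment stands in for the token's public-key signature so that it runs on the Python standard library alone.

```python
import hashlib, hmac, secrets

def _mac(key, origin, challenge):
    # Origin and challenge are both covered by the authenticator's response.
    return hmac.new(key, origin.encode() + b"\x00" + challenge, hashlib.sha256).digest()

class Token:
    """Constructed stand-in for a U2F token: one random key per origin."""
    def __init__(self):
        self._keys = {}
    def register(self, origin):
        self._keys[origin] = secrets.token_bytes(32)  # (1) high entropy
        return self._keys[origin]  # assumption: a real token returns a public key
    def sign(self, origin, challenge):
        # origin is what the browser reports, not what the page claims to be
        key = self._keys.get(origin)
        return _mac(key, origin, challenge) if key else None

class RelyingParty:
    def __init__(self, origin):
        self.origin, self.key, self.pending = origin, None, set()
    def enroll(self, token):
        self.key = token.register(self.origin)
    def new_challenge(self):
        challenge = secrets.token_bytes(32)
        self.pending.add(challenge)
        return challenge
    def verify(self, challenge, response):
        if response is None or challenge not in self.pending:
            return False
        self.pending.discard(challenge)  # (2) each challenge is accepted once
        return hmac.compare_digest(_mac(self.key, self.origin, challenge), response)

def demo():
    site = "https://bank.example"                  # constructed origin
    lookalike = "https://bank.example.login.test"  # constructed look-alike origin
    token, bank = Token(), RelyingParty(site)
    bank.enroll(token)
    c1 = bank.new_challenge()
    r1 = token.sign(site, c1)
    first = bank.verify(c1, r1)     # genuine login
    replayed = bank.verify(c1, r1)  # same response presented again
    c2 = bank.new_challenge()       # challenge relayed through the look-alike page
    phished = bank.verify(c2, token.sign(lookalike, c2))  # (3) no key for that origin
    return first, replayed, phished

if __name__ == "__main__":
    print(demo())
```

A memorized password has no counterpart to the single-use challenge or the origin check, which is why it fails (2) and (3) in the reply above.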
