I have recently purchased some FIDO U2F keys and have attempted to do two factor the right way. Unfortunately it didn't work out like I expected. That said, it has been an overall positive experience.

I ended up buying the Feitian ePass FIDO-NFC Security Key because it did exactly what I needed and did not cost too much. Yubikey was my first choice but I did not want to pay the Yubikey price and did not need some of the extra features. Unfortunately a good number of sites only support Yubikeys so they might be worth the extra money because they are the most supported.

Many sites still force you to have SMS as an alternate factor. A security key is a nice option but SMS codes can be stolen and SIMs can be cloned. There have also been several low-tech attacks on SMS, like tricking a carrier into porting a number to an attacker’s SIM. A FIDO option is nice but a determined attacker will just attack the weakest point, which is the SMS backup code. So sites adopting this model make FIDO kind of pointless.

Some sites let you disable SMS but still require a TOTP app as a backup option. This isn’t terrible because you at least have a backup option and phishing attacks will be a little more obvious when you are not prompted for your key or you are asked for your code when your key should have worked.