Subj : Re: Yubikey
To   : Kurt Weiske
From : Arelor
Date : Wed Jun 09 2021 17:23:32

  Re: Re: Yubikey
  By: Kurt Weiske to Sean Dennis on Wed Jun 09 2021 08:22 am

 > -=> Sean Dennis wrote to All <=-
 >
 > SD> I have thought about using a Yubikey for limiting root access to my BBS
 > SD> server. Are any of you using a Yubikey or something similar? I know
 > SD> that Slackware supports the use of a Yubikey via third-party software.
 >
 > While hardware 2FA is pretty nifty, I'd think that SSH keys would be
 > sufficient.
 >
 >
 > ... Am I any closer to finding what I'm looking for?

It depends on the application, but pretty much this.

When you enable 2nd Factor Authentication in a _small_ firm, user support
tickets SKYROCKET because everybody and their grandmother eventually manages to
lose, corrupt or have their 2nd Factor Auth device stolen. There was a
cryptocoin exchange that started charging a fee for solving 2FA issues because
they were badly overloaded.

2FA is also causing me lots of headaches in e-commerce because many users can't
figure it out and get credit card payments authorized.

In my opinion, small users are better served with a single user-password pair
and some anti-bruteforce technique, such as temporarily disabling users with an
excess of failed logins. This has other issues (it makes your services DoSable
if you are not careful) but it seems to be less of a problem in the wild than
the 2FA apocalypse.

--
gopher://gopher.richardfalken.com/1/richardfalken

--- SBBSecho 3.14-Linux
 * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24)
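
The temporary lockout mentioned in the message above, together with the DoS caveat it raises, as an added example that is not part of the original post. The class, its parameters and thresholds, the "sysop" account and the documentation-range addresses are all constructed for illustration.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Temporarily disable logins after too many failures in a sliding window."""

    def __init__(self, max_failures=5, window=300, lockout=900,
                 per_source=False, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window          # seconds over which failures are counted
        self.lockout = lockout        # seconds a key stays disabled
        self.per_source = per_source  # False: key on user; True: key on (user, source)
        self.clock = clock            # injectable so the behaviour can be tested
        self._failures = defaultdict(deque)
        self._locked_until = {}

    def _key(self, user, source):
        return (user, source) if self.per_source else (user, None)

    def is_locked(self, user, source):
        key = self._key(user, source)
        if self._locked_until.get(key, 0) <= self.clock():
            self._locked_until.pop(key, None)   # lockout is temporary: expire it
            return False
        return True

    def record_failure(self, user, source):
        key, now = self._key(user, source), self.clock()
        q = self._failures[key]
        q.append(now)
        while q and now - q[0] > self.window:   # forget failures outside the window
            q.popleft()
        if len(q) >= self.max_failures:
            self._locked_until[key] = now + self.lockout
            q.clear()

    def record_success(self, user, source):
        self._failures.pop(self._key(user, source), None)

def simulate(per_source):
    """Constructed scenario: five failed logins for 'sysop' from one address,
    then the account owner connects from another address.
    Returns (failing_address_locked, owner_locked)."""
    now = [0.0]
    t = LoginThrottle(per_source=per_source, clock=lambda: now[0])
    for _ in range(5):
        t.record_failure("sysop", "203.0.113.7")
        now[0] += 1
    return t.is_locked("sysop", "203.0.113.7"), t.is_locked("sysop", "198.51.100.20")
```

Keyed on the user name alone, the owner is locked out along with the failing address, which is the DoS problem; keyed on (user, source), the owner stays reachable, at the cost of counting failures from each address separately.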