Posts by timhowes@mastodon.social
(DIR) Post #ASTnwLerLtUTtyNzNI by timhowes@mastodon.social
2023-02-08T19:47:09Z
0 likes, 0 repeats
@tek @keifer The “security key” version is just for FIDO2/U2F authentication. The YubiKey 5 has additional functionality like OTP, PGP, and smart card protocols.
(DIR) Post #ASTouLXMvjrEtzUXAG by timhowes@mastodon.social
2023-02-08T19:57:00Z
0 likes, 0 repeats
@tek @keifer Yes, that’s exactly what it’s good for. You can use it as a strong second factor for 2FA. Either insert in your laptop and tap the button or use NFC for your phone. Some websites may have a fully “passwordless” login flow where you insert the key and use a PIN or biometrics to activate the key and log in.
(DIR) Post #ASTph9AdhJfkjm86qm by timhowes@mastodon.social
2023-02-08T20:07:23Z
0 likes, 0 repeats
@keifer @tek Unfortunately, the recent LastPass compromise involved direct access to the encrypted vaults in cloud storage, bypassing web-based login and 2FA. So, those compromised vaults are really only protected by the strength of the master password.
(DIR) Post #ASTrhdpbtwLVjqeoEq by timhowes@mastodon.social
2023-02-08T20:16:33Z
0 likes, 0 repeats
@keifer @tek With 2FA on, you ensure that, even if someone gets access to your password, they won’t be able to log in to the LastPass website and get access to your vault. But if they’ve already obtained the vault file directly from LastPass’s internal storage, then they only need the password to decrypt it.
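The distinction drawn in the last two posts, as an added example that is not part of the original posts and not LastPass's code: 2FA gates the online login, while the stored vault blob is keyed only by the master password. The `VaultService` class, the iteration count, the toy HMAC-based cipher (a stand-in for a real AEAD) and all sample values are assumptions constructed for illustration.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed KDF cost for this sketch, not a LastPass setting

def derive_keys(password: str, salt: bytes):
    """Stretch the master password into an encryption key and a MAC key."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return dk[:32], dk[32:]

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy HMAC-counter stream cipher (stand-in for a real AEAD)."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(password: str, plaintext: bytes) -> dict:
    """Encrypt the vault; note that no second factor enters the key material."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    ct = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def open_vault(password: str, blob: dict):
    """Decrypt a vault blob; returns None when the password is wrong."""
    enc_key, mac_key = derive_keys(password, blob["salt"])
    tag = hmac.new(mac_key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    return _xor_stream(enc_key, blob["nonce"], blob["ct"])

class VaultService:
    """Hypothetical web front end: releases the blob only after password + 2FA."""
    def __init__(self, password: str, second_factor: str, plaintext: bytes):
        self.blob = seal(password, plaintext)      # what sits in backend storage
        self._second_factor = second_factor.encode()

    def login(self, password: str, second_factor: str):
        if not hmac.compare_digest(second_factor.encode(), self._second_factor):
            return None                            # 2FA stops the online login
        # Simplification: password is checked by trial decryption of the blob.
        return self.blob if open_vault(password, self.blob) is not None else None
```

Calling `login()` with the right password but the wrong code returns nothing, while `open_vault()` on a copy of `blob` needs only the password, which is why master password strength and KDF cost are the controls that matter once the blob has left the service.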