Questioning security of hardware security keys (lemmy.world)

submitted 1 month ago by beirdobaggins@lemmy.world to c/cybersecurity@sh.itjust.works

3 comments fedilink hide all child comments

I have a question about hardware security keys. Like a yubikey.

I have not actually used one before so maybe I am missing some critical information.

Aren't they inherently less secure than a TOTP code?

If someone ( like a evil government ) gets your key and knows your password for a particular service or device, they can login.

If these same people try to login but it is secured with a TOTP code instead, they would need access to my phone, which requires a password to unlock and then biometric validation to open TOTP app.

I mean yeah, they could just beat me with a large wrench until I agreed to login for them, but that is true with any method.

I've heard that in the US, the 5th amendment protects you from being forced to divulge a password, but they can physically place your finger on the finger print scanner.

you are viewing a single comment's thread
view the rest of the comments

[-] wildbus8979@sh.itjust.works 6 points 1 month ago

In theory that might be true, but you're forgetting that your phone can be hacked, remotely even.

this post was submitted on 02 Oct 2024

12 points (92.9% liked)

Cybersecurity

5687 readers

4 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social