Discussion in 'BlackHat Lounge' started by Apricot, Oct 22, 2014.
I wouldn't do this, because I'm not so interested in giving my fingerprints out to this big company. I don't trust Google at all anyways. But, hey. That's just my opinion.
I have the normal two step verification for like 2 years now...
Don't be so paranoid, it's capacitive touch, not a fingerprint reader.
What happens if you lose or damage the key though? Does it then fall back to standard "forgot my password" stuff? If so, there's the vulnerability. Also, if someone spoofs the user agent to mobile they won't be asked for the key anyway.
Can't be used on mobile or in many workplaces. Seems a bit of a fad to me.
If the key is lost, no one else can use it and you just go back to normal 2 step. Apparently can't be spoofed either.
So an Electronic Master or a Micro-Chip Expert will be able to build the same signature key! As it is easy to build 1 USB with multi-code hacking. Now hacking a Google account is easy, because building a signature chip is an easy thing.
Good luck plugging a USB key into your iPad, or letting your security-sensitive workplace let you plug arbitrary USB keys into your workstation, or convincing your bank that you really did not send your entire balance to Nigeria, even though you signed that transaction with a tap, etc etc...
Remember Mt. Gox? That's Yubico's most public failure so far.
Strong authentication needs to be out-of-band, and support transaction signing, and work everywhere, or there's no point using it. You can't get "out of band" with anything that you "plug in" - that's simply connecting it directly to the same threats.
Third comment on the blog:
Are some people just too paranoid??
Deja Vu, I could swear I have read that before.