![]() You probably have at least few of those in your pockets: phone SIM, bank cards, various IDs and the like. Known as Universal 2nd Factor (U2F) and originally developed by Yubico and Google, it relies on physical devices (usually USB or NFC) that implement cryptographic algorithms on a chip, similar to smart cards that have been around for ages. So, can we do better? There exists an open authentication standard that aims to both strengthen and simplify 2FA. Opting for an app like Google Authenticator is more secure, but can also be compromised, at least in theory, if a smartphone that runs it is precisely targeted by an attacker. Cellular networks, however, are not the safest place: messages and calls can be intercepted. By default, it involves requesting one-time access codes either by SMS/phone call or through a dedicated smartphone app. We have enforced 2FA across all our staff for all the tools that we use daily: email, GitHub, task trackers, and others. If you haven’t set up your YubiKey yet, this is a good place to start. Even without hardware keys, it makes an attacker’s job much harder than it used to be. The most obvious way to increase security is to opt for two-factor authentication (2FA) that is widely supported. A good old password, even coupled with a password manager, does not cut it anymore. In a hostile environment of the modern web, though, it is easier said than done. Our clients trust us with their source code and, even more importantly, with access to their production servers, and this trust cannot be broken. With more employees and more clients, there is a demand for stronger security. If some of those acronyms seem unfamiliar-read on for more background.Įvil Martians are growing. See how to go beyond their built-in U2F functionality and use them for SSH authentication from a Mac with YubiKey holding all PGP keys and emulating an OpenPGP (GnuPG) smart card. Learn how we use USB sticks from Yubico to handle authentication in all our projects and project-related tools.
0 Comments
Leave a Reply. |