>>106485671 (OP)
It's great for the elderly or the tech illiterate so they can just plug and authenticate instead of writing down a password or reusing the same simple passphrase they use for every service.
>>106485712
>if i need your password i instead have to break your fingers, which is much more fun
How's he supposed to be able to type on a keyboard if you break his fingers, retard? Do you expect him to type that shit out with his feet?
Fucking amateurs I swear.
>>106485671 (OP)
This lets you remember a simple PIN instead of a complicated password
PIN strength is about as secure because it blocks if you fail too many times.
And ofc it's a physical device so you need to physically steal it to even use it which is much harder than penis I'm bored
>>106486152
>He could just tell you the password and you type it.
That could work, unless I mishear him. I'm very easily distracted sometimes. Also the whole being tortured thing might leave him hyperventilating and nervously spelling it out too fast.
>>106486541
Most people will give it right up. People aren't super tough guys like in the movies or what they pretend to be. You don't need to go hardcore, just things that are painful enough and bring them fear for worse.
>>106486596 >>106486582
>oh no, an excuse to break another finger. how awful.
Ummm sorry Mr. prisoner I'll listen more clearly this time... I was originally only gonna break like two fingers originally, please speak at a slower pace.
>>106485671 (OP)
It only protects against one vector of attack at the expense of exposing to another. If someone steals your YubiKey, they can easily log into any account.
>>106487994
storing totp in your pw manager still protects you against website leaks.
the only disadvantage is if your pw database itself gets leaked, in which case you are fucked, totp or not. this happens much less frequently than a website leaking credentials (unless tarded).
imo it's much better to increase the security of the pw manager (with keyfiles, hardware keys), than storing totp in another device.
>>106485671 (OP)
it's like those old computers that needed a physical key to turn on but you can't just jam a bic pen in there
and a yubi, whilst a cybsec larper meme, is still superior to smart cards for the sole reason that not every computer has a smart card slot but some shit is seriously wrong if you don't have usb ports.
it's also mainly for "secure environments" or companies without a BYOD policy where phone meme MFA is inappropriate. personally i have an RSA key that cycles through numbers (i didn't buy it, it's for work)
>>106485671 (OP)
for the same reason multifactor exists: if someone steals your password but not the key, you are still secure. if someone steals your key but not the password, you are secure.