Crusader Wrote:So if someone steals somehow the encrypted passwords (for example, from your S3 storage), then it does not matter whether I used Yubikey or not, is it true?
Crusader Wrote:Is it possible to own 2 Yubikey hardwares, which are the same? I mean if I lost the first one, I can use the second one without doing anyhting?
You should warn users before using Yubikey, because it is dangerous how the system works.
If the user lost the Yubikey, he/she can request to disable it, if he/she clicks on a link in email. But of course most users would store the password for the email service in Lastpass. Which means if you lost your Yubikey, you can't request to disable it via email. Don't you think it is dangerous?
In fact if you use Yubikey, you must use a dedicated email address just for Lastpass, and you have to remember the password for your email, in case of lost Yubikey.
Do you think thats users are aware of this?
What do you think about this: Yubikey Security Weaknesses
Users browsing this forum: No registered users and 18 guests