
Except that passwords at least protect you if your hardware key is stolen. Using just a hardware key seems similarly risky to just using a password.



So in this case, aren't the two factors a) physical possession of desktop/laptop and b) the YubiKey? How likely is it you'll lose both if you keep your keyring with you?


Not sure, reading the article, why I would need the computer. The way I read it, you enter the key to any computer and it logs in to the account of the key owner. Am I wrong?


FTA: "Organizations will soon have the option to enable employees and customers to sign in to an Azure AD joined device with no password, by simply using a Security Key to get single sign-on to all Azure AD based applications and services."

Emphasis added. Device needs to be paired with Company's AD first.

I also imagine that there are options for making e.g. the device unlock only require YubiKey, but login to SSO require 2nd factor.


You can pair new devices with a company's active directory.


The two factors are a) the YubiKey and b) the PIN for the YubiKey.


Your hardware key is in one place, controlled by you. Your password has been leaked all over the internet.


Exactly. It's a similar reason to why crypto keys use passphrases.


What you need is a mechanism to detect loss of contact with the human and revoke. One way is to require several hardware tokens to combine their entropy to authenticate. Again, don't make a password be a part of this, use another token.



