
Hardware tokens like a YubiKey prevent this.



A rogue employee could steal a physical key left lying out, much like they can steal keys from computers.


YubiKeys used to store gpg keys for use with gpg or ssh require a PIN code to do any signing/decryption.

You only get some limited number of PIN attempts before it locks you out.

A stolen key is useless for gpg/ssh.


The point is that you would realize much sooner, since it's real theft, not copying.


Not necessarily in a company. Lots of inventory can be unaccounted for.


Sure, inventory is unaccounted for, but you as an engineer know it's not accounted for. So you go to IT, and you ask for a new one. IT revokes access of the original key, and gives you a new one.

No one in that transaction cares if it was lost or stolen.


But it’s not enough to steal a blank YubiKey from the office storage room. You would have to steal some specific person’s activated YubiKey, and that person will notice it if they need the key regularly to do their job.



