• Sonori
    link
    fedilink
    English
    3
    edit-2
    3 months ago

    To be fair given some of the places and things YubiKeys protect, especially local government, finance, hospitals, and the like, this is one of the cases where a physical attack isn’t beyond the realm of possibility. I’m not cloning a Yubikey with specialized kit to break into a small business, but if it plus a password lets me log in as an accountant at an bank or investment firm on the target’s day off, well then it might be worth it for an attacker.

    • @[email protected]
      link
      fedilink
      English
      43 months ago

      Yeah, I was thinking that when I wrote the comment, and aimed it at people working for a smaller company or using it in their personal life, I should have been clear on this.

      • @[email protected]
        link
        fedilink
        English
        23 months ago

        All they would have to do to mitigate the threat is buy new keys. The vulnerability doesn’t exist in their keys since May.