Google's security operations team determined that the risk of theft of a security key is actually lower in practice than the risk that an employee's phone-based OTP might be phished. Well, it's also a problem if you use a particularly lousy password, and if you don't notice that the laptop/key are gone soon enough that you can disable the key before the attacker guesses your password.įWIW, Google switched to using security keys for corporate account authentication a while ago. However, in order to make use of it they have to have (or guess) your password as well, so it's really only a risk if someone is specifically targeting you, in which case they could also steal your phone. If someone steals your laptop they have your key. There's an obvious downside of leaving the key plugged into your laptop, of course. I just leave it plugged into my laptop all the time, so there's no "fumbling with USB sticks", I just run my finger along the side of the laptop until it hits the key. just enough that you can touch it to activate it. It's a tiny device, only extends from the USB port by a millimeter or so. I don't see how fumbling around with USB sticks is much better.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |