[Cryptography] So please tell me. Why is my solution wrong?

John Levine johnl at iecc.com
Wed Feb 15 17:24:40 EST 2017


In article <CACQRC431R7+vcZ9e7Cyyfc1riq9kKuPYy=9hCxwypZ_VcaRj0A at mail.gmail.com> you write:
> Having dongles where you just press a button would be much
> better, so don't tell me that they are available right now.

They are available right now.  I know this because I am holding two of
them in my hand.  One is a U2F key by Yubico, the other is a Plug-Up
security key.  They both implement an open spec from the FIDO
alliance.

Physically, they're USB dongles that pretend to be keyboards and send
a text string, when you push a button on the Yubico, or when you plug
it in with the Plug-Up.  They are about the size of a house key and
have a hole so you can put them on a keychain.

I use one of them to secure my Google account.  They work pretty well
if you're using a computer with a USB port, not at all from a phone
since there's no place to plug them in, and even with a USB to micro
USB adapter, phone apps tend not to expect input from a physical
keyboard.

Then there's Google Validator, an app that runs on your phone and
generates those six-digit codes.  It's also an open spec, anyone can
use it and many do.  My Validator app generates codes for my Amazon
account, my Hurricane Electric tunnelbroker account, my Tucows
registrar account, my Bitstamp account, my Synology disk server, and
also my Google account.

None of this is obscure.  It's all easy to find if you look for it.

R's,
John


