[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029
Theodore Ts'o
tytso at mit.edu
Sat Apr 19 13:27:59 EDT 2025
On Fri, Apr 18, 2025 at 08:03:42PM +0000, iang via cryptography wrote:
>
> Not to mention, a lot of us are aging out, are half blind, have to pick
> and poke at tiny buttons on hyper-sensitive mobile phones, have 1000
> passwords recorded somewhere, and the errors this password bs generates
> creates a DOS all of its own.
A great solution to this is FIDO2 with hardware authentication and
passkeys. My laptop has a YubiKey 5 Nano attached, and when I need to
authenticate to a website which is FIDO2 enabled, I just tap the
security key, and I can log in quickly and easily.
The security key also provides single-touch, secure access to my ssh
and PGP keys, so when I need to create a signed git tag so I can
securely push changes to an open source project, there is need for me
to type some long, complicated password.
And this is *far* more secure than a self-signed certificate.
Cheers,
- Ted