<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><br>
</p>
<div class="moz-cite-prefix">On 9/22/21 10:33 AM, Dan Kolis wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CADZtRa+UsoTm=VgWXKHtNATbns+x1wwX5hU704hTXdXp2+g7rQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div>Thiese USB or clickable dongles at $20 to $40 each seem a
possible resource in a security patch up / fixup plan.</div>
<div><br>
</div>
<div>I'd be curious how they can be used beyond Win-Doze and
Google cloud stuff, though that might be a good start for some
2nd auth processes.</div>
</div>
</blockquote>
I use mine for github on linux.<br>
<blockquote type="cite"
cite="mid:CADZtRa+UsoTm=VgWXKHtNATbns+x1wwX5hU704hTXdXp2+g7rQ@mail.gmail.com">
<div dir="ltr">
<div><br>
</div>
<a href="https://www.youtube.com/watch?v=nFkrfPH289I"
moz-do-not-send="true">https://www.youtube.com/watch?v=nFkrfPH289I</a><br>
<div><br>
</div>
<div>For instance, enabling them in a sandbox so keycaps don't
get a sniff, then off to the consumer computers.</div>
</div>
</blockquote>
Are you referring to keyloggers? The devices are smart cards that
hold a private key and sign a request. There aren't any keys to log.
The more expensive ones can hold ssh and gpg keys.<br>
<blockquote type="cite"
cite="mid:CADZtRa+UsoTm=VgWXKHtNATbns+x1wwX5hU704hTXdXp2+g7rQ@mail.gmail.com">
<div dir="ltr">
<div><br>
</div>
<div>Regs</div>
<div>Old Dan</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
The cryptography mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a>
<a class="moz-txt-link-freetext" href="https://www.metzdowd.com/mailman/listinfo/cryptography">https://www.metzdowd.com/mailman/listinfo/cryptography</a>
</pre>
</blockquote>
</body>
</html>