• Sonori@beehaw.org
    3 months ago

    To be fair, given some of the places and things YubiKeys protect, especially local government, finance, hospitals, and the like, this is one of the cases where a physical attack isn’t beyond the realm of possibility. I’m not cloning a YubiKey with specialized kit to break into a small business, but if it plus a password lets me log in as an accountant at a bank or investment firm on the target’s day off, well then it might be worth it for an attacker.

    • stoy
      3 months ago

      Yeah, I was thinking that when I wrote the comment, and aimed it at people working for a smaller company or using it in their personal life; I should have been clear on this.

      • Telorand@reddthat.com
        3 months ago

        All they would have to do to mitigate the threat is buy new keys. The vulnerability doesn’t exist in their keys since May.