Linna LaNov 14, 2022
yan

nobody:

absolutely nobody:

yubikey: cccjgjgkhcbbcvchfkfhiiuunbtnvgihdfiktncvlhck

Nov 14, 2022 at 8:11amWeb
Show threadkouhai, of the health issuesNov 14, 2022

@bcrypt

bottom text

Show threaddmi 💽 Nov 14, 2022
@kouhai @bcrypt bottom text as a service
Show threadalyx (dual-stack)Nov 14, 2022
@bcrypt eifjccgcknuvdbbedihbgdtgdubuthcvthuujeeuffrr
Show threadI keep it around for luck.Nov 14, 2022
@bcrypt I think I have a yubikey from a Wired subscription. Never used it, never needed it. The yubi, not the Wired sub.
Show threadAPT Ate My HomeworkNov 14, 2022
@bcrypt 😱 the mouth on that thing!
Show threadyetztNov 14, 2022
@bcrypt i regret getting the smol capacitative one for my macbook, conteplate getting an extension cord to get it out of reach.
Show threadJernej Simončič �Nov 14, 2022
@bcrypt One of my yubikeys is permanently inserted into USB port in my monitor. It's also at just the right height that my cat randomly triggers it while grooming.
Show threadAshi HelveticaNov 14, 2022
@bcrypt yubikeys were the original bottom-speakers
Show threadBaggypantsNov 14, 2022
@bcrypt LOL. Classic yubikey! 😂
Show threadNiklas Nov 14, 2022

@bcrypt I always set yubico OTP to the long press slot to prevent this and slot 1 to hmac

But yeah.. it happens

Show threadSascha WenningerNov 14, 2022
@bcrypt And it always happens in chat messages too!
Show threadI love this, so INov 14, 2022
@bcrypt And that's how AWS S3 buckets get their new names
Show threadCysio Nov 14, 2022
@bcrypt luckily you can disable it AFAIR
Show threadSedat KapanogluNov 14, 2022
@bcrypt which leaks your YubiKey serial number. a very strong signal. https://ssg.github.io/yubitell/
yubitell - identify a yubikey

Show threadSteveL 🏳️‍🌈🇺🇦🥓Nov 14, 2022
@bcrypt and why is it always with a document I’ve just created the shares link to so everyone then can comment on it??
Show threadRich Lafferty 🐀Nov 14, 2022

@bcrypt Gesundheit!

But also, https://github.com/pallotron/yubiswitch

GitHub - pallotron/yubiswitch: OSX status bar application to enable/disable Yubikey Nano

OSX status bar application to enable/disable Yubikey Nano - GitHub - pallotron/yubiswitch: OSX status bar application to enable/disable Yubikey Nano

GitHub
Show threadAsbjørnNov 14, 2022

@bcrypt

I just got my first yubikey and this is so true 😂

Show threadMike Toole Nov 14, 2022
@bcrypt
Show threadyanNov 15, 2022
@firetoole OMG this is fantastic
Show threadAnna Aurora 🏳️‍🌈🏴‍☠️Nov 14, 2022
@bcrypt I had this happen way too many times when I accidentally pressed my yubikey or was fidgeting or fiddling around with it. Finally disabled it like a week ago with Yubikey Manager.
Show threadGlyphNov 15, 2022
@bcrypt i always just thought these were funny until I found out they were dangerous https://xeiaso.net/blog/push-2fa-considered-harmful
Push notification two-factor auth considered harmful

Push notification two-factor auth considered harmful - Xe's Blog

Xe's Blog
Show threadijk64Nov 15, 2022
@glyph @bcrypt TLDR:
“Unlike SMS or email OTPs, which typically expire after a short period, Yubikey OTPs are valid until they, or a later generated code, are used for authentication. Until then, your authentication is vulnerable to a buffered replay attack”
(I’d forgotten this!)
Show thread🍵 hollyNov 15, 2022
@bcrypt Here, @cibomahto this thread is for you
Show threadTobi aka Big Dog 🔜 FCNov 18, 2022
@bcrypt
Op! I was not expecting this! 🤣
@ceralor
Show threadAaron Toponce ⚛️Nov 23, 2022
@bcrypt In the #Dvorak layout, that would be: jjjhihitdjxxjkjdutudccggbxybkicdeuctybjkndjt
Show threadlj·rkNov 23, 2022
@bcrypt I only use it for WebAuthn, Yubi OTP etc. are unusable for me, doubly due to the limit of OTPs I can store
Show threadUshi   Nov 24, 2022
@bcrypt forrrrreal!!!!
Show threadApicultor 🐝Nov 25, 2022
@bcrypt Legacy Yubikey OTP needs to be allowed to die, and it should have been disabled by default long ago.