All current YubiKeys fit the bill here, as well as some Nitrokey models. To achieve this, consider a device with built-in TOTP support in addition to U2F. The typical goal of a security token is to be able to assert: "No one can log into my account without this physical device or an offline backup token from my safe." If you are going to use Google Authenticator, it is your weakest link, and a security token buys you no added security, only ease of use. An adversary that exploits your phone can generate TOTP tokens as they like and ignore the fact that you have a hardware token. Google Authenticator stores the TOTP secret in plaintext on your device, where the potential exists for it to be stolen. I would advise against Google Authenticator as a backup, as it really defeats the point of a hardware token.
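Why a stored TOTP secret is the weak link, shown as an added example that is not part of the original post: a TOTP code (RFC 6238) is a pure function of the shared secret and the clock, so every copy of the secret yields the same codes and the verifier cannot tell which holder produced one. The function names are hypothetical, and the secret is the public RFC 6238 test key, not a real credential.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: base32 form of the RFC 6238 test key "12345678901234567890",
# in the form an authenticator app receives at enrolment.
SAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: depends only on the secret and the time."""
    counter = struct.pack(">Q", unix_time // step)      # 8-byte big-endian time step
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                             # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_accepts(enrolled_secret: bytes, submitted: str, unix_time: int) -> bool:
    """Verifier side: recompute the code and compare in constant time.
    Nothing in this check binds the code to a particular physical device."""
    return hmac.compare_digest(totp(enrolled_secret, unix_time), submitted)


def copy_is_indistinguishable(secret_b32: str, unix_time: int) -> bool:
    """A code from the hardware token and a code from any other copy of the
    same secret (phone app storage, a backup, a screenshot of the QR code)
    are identical and both pass verification."""
    on_token = base64.b32decode(secret_b32)   # secret held inside the token
    elsewhere = base64.b32decode(secret_b32)  # same bytes stored anywhere else
    from_token = totp(on_token, unix_time)
    from_copy = totp(elsewhere, unix_time)
    return from_token == from_copy and server_accepts(on_token, from_copy, unix_time)


if __name__ == "__main__":
    print(totp(base64.b32decode(SAMPLE_SECRET_B32), 59))
    print(copy_is_indistinguishable(SAMPLE_SECRET_B32, 59))
```

A U2F assertion is instead a signature made with a private key that stays on the token, so the guarantee quoted above holds only when every enrolled TOTP secret is also kept on a hardware device or offline.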