Security keys are much more resistant to phishing than a TOTP authenticator app, which is why many users turn off the authenticator app for any services that support that option and use only their security keys. The only downside of this approach is that if you carry your security key on your keychain and you got robbed, you'd have both your phone (which contains the authenticator app) and your keys (which hold your security key) stolen at the same time. If you have both a security key and a TOTP authenticator app available as options to unlock an account (such as your 1Password account), then you can consider the authenticator app as the "spare key". If you only have one security key, then you'll be locked out of your accounts if you lose it. If you lose your primary security key, then you'll still be able to access your accounts using the spare key. You can think of having a spare security key in the same way as having a spare key for your home or apartment.

I’m trying to work out if it’s beneficial to have another key solely for use with Apple or wait and hope they lower the threshold and enable a TOTP fallback option. Now Apple have FINALLY enabled security keys, but you have to have two and there is no fallback option (that I’ve read). The reason I ask is a lot of services don’t allow you to turn TOTP off anyway, so I only ever purchased a single key. But having the TOTP backup enabled is irrelevant if I always use my single YubiKey, right?

Unless I’m missing something, what is the harm in having a single YubiKey with TOTP backup if it’s ever lost, which would, let’s be honest, only be used to log you in to enable a replacement security key. As I understand it, the main risks to TOTP are MITM attacks, phishing and social engineering. However, hear me out, because I believe in practice there is no massive benefit to 99% of users. I know 100% that multiple YubiKeys are more secure because, well, they just are.