WYGIWYG
Everybody does it differently. GitHub in particular allows multiple
If you are doing development or admin work, I would greatly advise you to pick up a Yubi Key.
My basic setup for any app/site that will allow it is two yubis and one passkey.
One yubi in the safe with next of kin instructions, one on my key ring.
Then any site that supports passkey, I’ll also have one of those there too.
Almost every company has some way to work around the 2FA loss.
It’s easy enough to enforce 2FA on it.
Most of the other online solutions are about the same.
You can read the cables, you can read the transceivers in the video card, in a lot of the screens you can even read the panel changing itself.
Our ability is to remote sense EMF is absolutely ridiculous these days.
Then there’s crap like the espionage where they change fan speeds. Or flash an infrared proximity sensor on a cell phone to exfiltrate data.
Those are awfully dangerous on their own these days.
As soon as a poorly salted hash leaks or gasp, a hash with no salt, it’s super easy to reverse those passwords now.
2FA severely reduces the danger of rainbow tables and keyloggers. The only real worry with 2FA is login replacement and interception. and passkey solves that, allbeit at the cost of complexity.
Half a cryptographic key that you can’t easily give to someone over the phone by accident.
There are a few on audio, I saw one where they read HDMI over the air from 60 ft away.
I’d kinda like to see Bluetooth shored up a bit maybe require a tap to bind every day.
You can tell just from the response on this post people aren’t all ready for passkey yet, but you can’t wait fo them to decide they’re ready before you start.
Under passkey implementations, you need to unlock the passkey device with biometrics or passwords. Something you are/know (biometrics/passwords) and something you have (passkey).
It’s not impossible to screw it up. Put your passkeys in bitwarden, reuse a password and don’t 2fa that.
You can have more than one passkey.
You can still use password + 2fa
You can use google oauth.
You can use a YUBI key
You should probably have a primary and secondary auth for every site.
I get keyboards probably have more range, but i worry privacy was gone a long time ago.
but they require chmod 400 and they’re ideally in on an encrypted disk
So the desk drawer is locked and the codes are Luks encrypted.
And for critical stuff, you should also have a password on the key.
If your ssh keys are like a passwords on paper in a drawer, you’re doing it wrong.
A wprthy cause, but there’s no end of other things to host in LXC. It’s possible, but unpleasant and can be brittle for updates.
Did a little digging around. It looks like they manage to get discovery judgments all the time over partial downloads, but I don’t see them actually taking anyone to court for anything less than a full file.
Once you have the entire file available, it’s hard to shimmy around the distribution claims. Wouldn’t it be super effing interesting if everyone’s torrent client specifically picked a random block and refused to give it to anyone?
I’m not sure it would hold up in court, but it would be interesting.
I hope to hell we’re not infectious, but I worry for everyone, everywhere, eventually. I’m afraid we’re just ahead of the curve.
You’ll still have to be careful they’re targeting people with sensory issues and neurodivergence next.
You know, it would be a really neat browser plug-in. Mouse over a URL and get the encoded bit decoded?
Yeah, no dice, the better sensors these days don’t have any problem with that. Check out Project Farms recent doorbell camera review. He actually walks up to the doorbell camera with a full on flashlight in the pitch black of night and they still have no problem.
Ubiquiti DM pro with its built in suricata. Honeypots, no remote mgmt, ACLs to minimum need, HA networks in isolation. DPI, multiple pi-holes. Phone alerts on intrusion wazuh just for node security compliance. ManageEngine for patches. NTFY alerts on console access.
It’s not perfect