alt227 4 days ago

Surely people can still phish for the user to insert their hardware key to approve something malicious?

4 days ago | parent | next [-]
[deleted]
kbrkbr 4 days ago | parent | prev | next [-]

What is phishing resistant MFA? - https://www.sans.org/blog/what-is-phishing-resistant-mfa

alt227 3 days ago | parent [-]

Exactly. 'Resistant' not 'impenetrable'.

The article itself says that 100% phishing resistance is impossible. So I stand by my argument that if you give an idiot a Yubikey, it still doesn't save them from themselves.

> Does this technology eliminate all risk? No. As this becomes widely deployed new attacks will be developed, but it will be MUCH harder for the cyber attacker.

> FIDO is extremely resistant to phishing attacks but adopting FIDO does not mean your organization is secure against phishing.

codedokode 4 days ago | parent | prev [-]

Hardware keys (unlike humans) usually check the page URL and do not send the data stored by another domain.
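
The domain binding described in the comment above, seen from the server side, as an added example that is not part of the thread: in FIDO2/WebAuthn the browser writes the calling page's origin into `clientDataJSON` and the authenticator puts the SHA-256 of the RP ID into `authenticatorData`, so a relying party can reject a response produced on a look-alike domain. The RP ID, origins, challenge and helper names are constructed for illustration, and signature verification is left out to keep the focus on the binding checks.

```python
import base64
import hashlib
import json

RP_ID = "example.com"                          # assumed relying-party ID
EXPECTED_ORIGIN = "https://login.example.com"  # assumed legitimate origin


def b64url(data: bytes) -> str:
    """base64url without padding, as used for the WebAuthn challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def check_binding(client_data_json: bytes, auth_data: bytes, challenge: bytes) -> list:
    """Return the names of failed binding checks (empty list: all passed)."""
    failures = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        failures.append("type")
    if client.get("challenge") != b64url(challenge):
        failures.append("challenge")
    # The browser, not the user, fills in the origin of the calling page.
    if client.get("origin") != EXPECTED_ORIGIN:
        failures.append("origin")
    # authenticatorData: 32-byte SHA-256(rpId), 1 flag byte, 4-byte counter.
    if len(auth_data) < 37 or auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        failures.append("rpIdHash")
    elif not auth_data[32] & 0x01:             # UP flag: user touched the key
        failures.append("user_presence")
    return failures


def make_sample(origin: str, rp_id: str, challenge: bytes):
    """Constructed data shaped like a browser/authenticator response."""
    client = json.dumps({"type": "webauthn.get",
                         "challenge": b64url(challenge),
                         "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([0x01]) + (7).to_bytes(4, "big")
    return client, auth


CHALLENGE = b"constructed-server-challenge-01"
GOOD = make_sample(EXPECTED_ORIGIN, RP_ID, CHALLENGE)
# Same user, same touch, but the page was served from a look-alike domain.
PHISH = make_sample("https://login.example-sso.test", "example-sso.test", CHALLENGE)

if __name__ == "__main__":
    print("legitimate:", check_binding(*GOOD, CHALLENGE))
    print("look-alike:", check_binding(*PHISH, CHALLENGE))
```

The user's touch is identical in both cases; the rejection comes from values the browser and authenticator supply, which is why the user being fooled by the page does not by itself yield a usable response.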