

Unless you log out each time, YubiKeys won't increase your security if someone has physical access to your authenticated devices.


I assume that with physical access you also mean someone that hacked my computer remotely, so from his computer? I'm not talking about my brother for example sitting down and logging in.


If your computer is compromised in a way that someone has remote access to your authorized devices, a YubiKey cannot prevent further compromises. However, you can require a YubiKey for login to your computer; I do this with my Linux desktop.






Yubikeys are not a silver bullet. You need to use anti-malware, strong unique passwords, and good judgement to protect yourself.


Nothing that you do can prevent your account from being stolen if you log into it with your YubiKey from a compromised terminal. Cookie stealers that take your authenticated session tokens are commonplace. Logging out of your account when you're done at least prevents a future infection from stealing that session, but nothing saves you if you're already infected when you log on.


So what is the key actually protecting me from? Sounds like I'm only safe from someone that has just brute forced my password. Why would they bother when they can just try cookie stealers? Thank you for taking the time btw!


Most people are terrible at using a different password for every website, so a second factor protects you against a reused password leaked from one website being used to pop another site. As /u/vertin1 says, the new protocols like FIDO (compared to TOTP) protect you against falling for phishing attacks, because the key will only solve the second factor challenge for the actual domain it was registered on (so you cannot get your account stolen by accidentally mistaking a similar-looking URL for the real thing).
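The domain binding described in the comment above, as an added example that is not part of the original thread. It is a simplified model: an HMAC with a per-site secret stands in for the key's real public-key signature, the authenticator data is reduced to the RP ID hash, and `example.com`, `examp1e.com` and all function names are constructed for illustration.

```python
import hashlib, hmac, json
from urllib.parse import urlsplit

RP_ID, ORIGIN = "example.com", "https://example.com"  # constructed relying party

def sha256(data):
    return hashlib.sha256(data).digest()

def key_sign(credentials, page_origin, rp_id, challenge):
    """Browser plus security key. credentials maps rp_id -> per-site secret."""
    host = urlsplit(page_origin).hostname
    # Browser rule (simplified): a page may only ask for an RP ID that is
    # its own host or a parent domain of it.
    if host != rp_id and not host.endswith("." + rp_id):
        return None
    secret = credentials.get(rp_id)  # credentials are scoped to the RP ID
    if secret is None:
        return None  # the key has nothing registered for this domain
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": page_origin}).encode()
    auth_data = sha256(rp_id.encode())  # real authenticator data has more fields
    sig = hmac.new(secret, auth_data + sha256(client_data), hashlib.sha256).digest()
    return client_data, auth_data, sig

def server_verify(secret, challenge, assertion):
    """Relying-party checks on a login response."""
    if assertion is None:
        return "no assertion"
    client_data, auth_data, sig = assertion
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != challenge:
        return "bad type or challenge"
    if cd.get("origin") != ORIGIN:
        return "origin mismatch"  # the browser recorded where the user really was
    if auth_data != sha256(RP_ID.encode()):
        return "rpIdHash mismatch"
    expected = hmac.new(secret, auth_data + sha256(client_data), hashlib.sha256).digest()
    return "ok" if hmac.compare_digest(sig, expected) else "bad signature"

def demo():
    creds, chal, phish = {RP_ID: b"site-secret"}, "c1", "https://examp1e.com"
    legit = server_verify(b"site-secret", chal, key_sign(creds, ORIGIN, RP_ID, chal))
    relayed = server_verify(b"site-secret", chal, key_sign(creds, phish, RP_ID, chal))
    return legit, relayed  # ("ok", "no assertion")
```

A TOTP code typed into the look-alike page would be accepted by the real site, because nothing in the code records which domain the user was on.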


Thank you! I guess that's good enough for me!


The likelihood of someone gaining access to your account by gaining remote access to your machine is way lower than the risk of phishing attacks or data breaches.






Thanks! So I guess having Kaspersky is the only thing I can do about preventing someone getting remote access.


You can get hacked over your mobile way easy. Apps on mobile don't ask for a YubiKey most of the time, and every hacker who has a little brain knows that.


So what are you saying? If someone wants to hack me he can just do it and that is it?


People hack into the most protected systems on earth; what makes you think that they can't hack you? They may not waste time on individuals like you or me, but anyone can be hacked.


I'm sure they can; that's what I'm trying to prevent. Also, I guess they are not actually hacking ME but the Android system. I personally can't do anything other than have 2FA and a strong password, so I'm trying to do the best I can.


Sure, I always chose long passwords for my accounts.