I'm extremely disappointed. I bought the yubikey just thinking about forcing access through it, but that is not possible so instead of increasing security I just see it as an extra form of access.
This is the link to configure ms account in passwordless mode support.microsoft.com/en-us/account-billing/how-to-go-passwordless-with-your-microsoft-account-674ce301-3574-4387-a93d-916751764c43
Hello! I understand everything and it seems fabulous to me, but in terms of security, nowadays it is not exactly the same? Since we can choose to log in with passwordless (more secure), but we still have the option of email and password. So for now, is it just for comfort?
@@codewrecks think the point is that you should be able to disable all other means of login, so that you can only use the token for access. I agree that one should be able to setup the login so that only the token can be used. I’m not looking for extra login options; I’m looking to force security to a higher level.
You can always setup your microsoft authenticator app and then delete the seed from the app. But I agree, it would be really nice having a method to remove all other two factors and rely only on physical keys.
It is still present, but probably you need first to configure microsoft authenticator or a standard TOTP authenticator before you are able to add your first security key.
No, after username and password, you need to have Second Factor of authentication that can be Authenticator APP, SMS, or code sent to another verified email. Thanks to FIDO2 you can access only with the key knowing the PIN.
@@codewrecksI think you’re missing the point. People are not looking for an additional way to log in. They want the token mechanism to be the only way to log in. They don’t want the password/authentication app login capability to be available at all.
@@F16_viper_pilot that's extremely risky because if you lose the key you lose your account. Having said that you should be able to add multiple keys and remove the email/password and authenticator as security options after you have the keys setup.
You can use yubikey as single factor, type pin, touch and you are logged in. You keep authenticator as a backup of you have only one key and you lose it. That is the configuration I'm using
thanks for this series. question: if the service support FIDO2, why you still setup OTP? is not better remove OTP and just leave FIDO2?
Some services does not support FIDO2, and others does not let you using only keys...
I'm extremely disappointed. I bought the yubikey just thinking about forcing access through it, but that is not possible so instead of increasing security I just see it as an extra form of access.
This is the link to configure ms account in passwordless mode support.microsoft.com/en-us/account-billing/how-to-go-passwordless-with-your-microsoft-account-674ce301-3574-4387-a93d-916751764c43
Hello! I understand everything and it seems fabulous to me, but in terms of security, nowadays it is not exactly the same?
Since we can choose to log in with passwordless (more secure), but we still have the option of email and password. So for now, is it just for comfort?
Email and password are not enough, you need second factor with authenticator app. With the key you need only the key.
@@codewrecks think the point is that you should be able to disable all other means of login, so that you can only use the token for access. I agree that one should be able to setup the login so that only the token can be used. I’m not looking for extra login options; I’m looking to force security to a higher level.
You can always setup your microsoft authenticator app and then delete the seed from the app. But I agree, it would be really nice having a method to remove all other two factors and rely only on physical keys.
Thank but I think this option isn't available any more 1:59
It is still present, but probably you need first to configure microsoft authenticator or a standard TOTP authenticator before you are able to add your first security key.
Whats the point of a security key if its an option to login. If a hacker has the password he can still get in even with a key just using the password.
No, after username and password, you need to have Second Factor of authentication that can be Authenticator APP, SMS, or code sent to another verified email.
Thanks to FIDO2 you can access only with the key knowing the PIN.
@@codewrecksI think you’re missing the point. People are not looking for an additional way to log in. They want the token mechanism to be the only way to log in. They don’t want the password/authentication app login capability to be available at all.
@@F16_viper_pilot that's extremely risky because if you lose the key you lose your account. Having said that you should be able to add multiple keys and remove the email/password and authenticator as security options after you have the keys setup.
@@wackzingo I wasn’t suggesting to not have a backup token. I keep multiple backup tokens.
can you get rid of authenticator app and add Yubikey as 2fa instead?
You can use yubikey as single factor, type pin, touch and you are logged in. You keep authenticator as a backup of you have only one key and you lose it.
That is the configuration I'm using
closed source transmission of hidden purchase date and product numbers communicated to certain U.S sites the device is used on.
'promosm' 😳