Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Github and google support u2f. If you are a gmail user you should get a u2f device to protect your email.

That said the cheaper yubi do this as well. I use my yubi 4 for securing my ssh key as well though this is a) a pain & b) likely theater.



I use an app based 2FA for that.

Maybe I’ll look into a YubiKey though. My problem is that I’m halfway in my own personal transition from USB A to USB C


App based 2FA is still more vulnerable to phishing than a U2F key, because it relies on the user to check they are entering the code into the right website.

It's also faster and easier (no pulling out your phone, getting a code, typing it in, just touch the key).

Plus, the keys have other features (GPG keys, etc...) which can be useful.


Ah, I didn’t know that u2F was even more phish-proof. Good to know!


I wish you successful personal transition, why you skipped USB B ?


Because host machines don’t have USB B connectors, you typically only see them on hubs and printers.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: