ATG 21: How to Use Hardware Security Keys Like YubiKey for 2FA

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

1 Like

Great info, thank you. Wishing my financial services would get on board with hardware security…


But we send a SMS to your [hardware] phone. /snark :wink:

1 Like

@leo and all… what do you all think about Google making the iPhone a physical security key using Bluetooth? Is that a reasonable substitute for a yubikey, albeit you have to use Chrome browser.

1 Like

Ain’t that the truth. I once had a bank that, to get me back into my account, emailed me my password. I think Steve Gibson would call that “in clear text,” or something like that… Feel free to correct me. Anyway, I did send that bank a critical letter to some department. For their inattention plus other reasons, I’ve moved on from that bank.


The vast majority of email is clear text and is quite easy to intercept between in transit if any of the transiting email servers do not use encrypted links.

My current main bank is mobile app only so security is authentication is FaceID. My other bank uses an ID code and a grid of numbers that changes every time I visit the website for me to punch in my passcode. Not sure hire’s that works. No 2FA though.

1 Like