Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Don't keep it on the same keychain as your car keys. I don't–that would be terribly impractical. Instead, it lives in my laptop slipcase.

Even better, get the nano version and leave it in your USB slot permanently: http://www.amazon.com/dp/B00O8ST7MM



Isn't this kind of counterproductive? A key use case of 2FA is to keep your accounts secure if your computer is simply stolen.


Unless you don't click "Remember this computer for 30 days" and log in every time, 2FA isn't protecting you from stolen computers.

Security key protects you from phishing and someone on the Internet guessing your password.

(Many security keys are designed to be permanently installed in your computer, like this one: http://www.amazon.com/Yubico-Y-110-YubiKey-NEO-n/dp/B00O8ST7...)


It's not even 30 days necessarily. I use 2FA on gmail with "remember this device" checked, and I haven't had to sign in for a year or more.


Is this on Android? That works a little differently than desktop logins.


Nope, desktop browser. As long as I use it regularly, I never get signed out.


You can revoke that key if your computer is stolen.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: