Consolidate yubikey pages #1193
Love to see movement on this. Made a few change requests.
|
||
_tbd..._ | ||
|
||
##### Away detection ideas |
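Review bot: the `_tbd..._` placeholder just above the `##### Away detection ideas` heading would be published as the whole body of the preceding section. Fill it in, or drop that section until there is content for it.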
This can become a two-octothorp (##) top-level section
This section is specific to Mac or Linux users, so it's a sub-heading under that.
sudo apt-get install yubikey-neo-manager yubikey-personalization yubikey-personalization-gui | ||
``` | ||
|
||
#### Locking your Machine with YubiKey |
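Review bot: the `sudo apt-get install ...` line at the top of this hunk only applies to Debian-family systems, so the text leading into it should say so if it does not already. Separately, the heading `#### Locking your Machine with YubiKey` mixes sentence case and title case ("your" next to "Machine"); pick one to match the other headings on the page.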
This can become a two-octothorp (##) top-level section
This section is specific to Mac or Linux users, so it's a sub-heading under that.
092bebb to 8b9f9d8
Ok @openprivacy, I incorporated all of your suggested changes, except for the octothorpe header changes, since those sections only apply to Linux or MacOS. Let me know your thoughts, thanks!
Just a nit. Thanks again for all your work on this!
<!-- prettier-ignore-start --> | ||
|
||
- My Vault -> Account Settings -> Multifactor Options | ||
- Set up one free option (e.g., [Google Authenticator](https://support.google.com/accounts/answer/1066447?hl=en)) - this is a useful backup |
Note that Google Authenticator is no longer recommended as it does not support encrypted cloud backup.
...which I believe is still the case. (Should also say we prefer the work-alike Authy.)
Can we switch this to "Authy" and also make the change on line 60 below?
Just found: https://security.googleblog.com/2023/04/google-authenticator-now-supports.html -- so maybe should remove that line from the Awareness and Tools page... though I'm a bit uneasy (for some reason) about the passwords becoming part of a Google account. Thoughts?
How about this @openprivacy - I removed the note about Google Authenticator not being recommended, since it now supports cloud backup. But we won't list it as one of the recommended 3 that are currently there (LP Authenticator, Authy & Yubikey). I also added Lastpass Authenticator to row 35 of the yubikey.md page above, in addition to Google Authenticator. I think as long as users don't store their actual passwords in the Google Password Manager/Chrome, then backing up the authenticator app to Google doesn't add much risk. An adversary would still need their password. I haven't heard of any system compromises due to getting access to an authenticator app's backup info.
Per the conversation in the internal security TEM, add a note about not leaving your Yubikey in your laptop if you are working away from home and step away from it (Starbucks bathroom scenario).
72105cc to 8d18d6f
All looks good - thank you for your changes and general work on this.
f616e61 to 1109968
Have followed the updates - this is much needed work to clean up how we use Yubikeys. Thanks!
…commendation for mfa
…g away from computer
6ee64f6 to 70d1710
Consolidate all Yubikey content under one page.
📚 Documentation preview 📚: https://civicactions-handbook--1193.org.readthedocs.build/en/1193/