

We need the best security we can possibly get, especially in an age where so many people's personal data is being collected and stored. They are throwing away both a massive capital investment and, quite literally (when used properly), the best tool they have against both phishing and lateral movement in their network, because they fail to adequately understand what they are working with and do a proper risk assessment. To me this would be a whistleblower moment for higher-ups. It is not possible* for someone to alter the code on a YubiKey once it has been programmed and sealed at the factory.

Then I have to say, as a fellow tinfoil-hat wearer, that your security team is really not smart, or really doesn't understand the YubiKey.
