|
Hello, I'm a new YK users, loving it so far. I'm concerned a bout one potential issue:
I'm going to use a Yubikey 4 for TOTP, U2F and PGP. I'm not worried if I leak a token for site A to site B but I'm worried if malware in compromised machine can wait for me to login somewhere and press the button and send a PGP sign or decrypt operation to the yubikey. I will press the button to authorize the operation because I'm login into a site but the malware will use the opportunity to forge a message for example or authenticate to a remote SSH server.
Is there a light pattern or press pattern to avoid this attack? For example press twice or press longer for PGP operations or different light flashing.
thank you
|
Login
FAQ
Search
