Tom wrote:
A password can easily be stolen, cracked or snooped by a remote attacker anywhere in the world, while the Yubikey is with you and can potentially only be "stolen" by the very few people around you.
Moreover, the Yubikey secrets cannot be remotely stolen.
So there are 2 types of attacks that need to be considered, local and remote.
Tom wrote:
A 100-character password will not give you anything more than a 20-character password (practically, not theoretically). They are both too long to be guessed (but can still be stolen/lost/cracked).
In terms of Windows logon I imagine one would need to have RDP enabled for a remote attack to happen against one's Windows account. As far as getting the password, although a long password would protect against a stolen SAM file with the hashed passwords, it would not protect against a keystroke logger which is what you imply when you wrote that it could be stolen regardless of length, right?
Tom wrote:
You can always enable the "safe mode" in the logon tool. This will allow you to reboot your machine in safe mode and login without the Yubikey.
So enabling 'safe mode' in the logon tool (which is the default) would not protect against local attacks, but would still protect against remote attacks, since a remote attacker would not be able to physically reboot the machine in safe mode, right?