Re: South Africa On Lockdown - Coronavirus - Update!

[Sabri Berisha <sabri () cluecentral net>]

Hi, 

In my experience, yubikeys are not very secure. I know of someone in my team who would generate a few hundred tokens 
during a meeting and save the output in a text file. Then they'd have a small python script which was triggered by a 
hotkey on my macbook to push "keyboard" input. They did this because the org they were working for would make you use 
yubikey auth for pretty much everything, including updating a simple internal Jira ticket. 

Thanks, 

Sabri 

----- On Mar 23, 2020, at 1:26 PM, Eric Tykwinski <eric-list () truenet com> wrote: 

> I’ve already been playing with YubiKeys, but sadly Google Titan wouldn't work
> with Windows Hello.
> Might be something I was doing wrong...

> Sincerely,

> Eric Tykwinski
> TrueNet, Inc.
> P: 610-429-8300

> > On Mar 23, 2020, at 4:21 PM, Peter Beckman < [ mailto:beckman () angryox com |
> > beckman () angryox com ] > wrote:

> > Software-based TOTP offer more security than no one-time passwords, but
> > admittedly less than the physical tokens. Google Authenticator, Authy,
> > 1Password, LastPass all support TOTP.

> > On Mon, 23 Mar 2020, Alexandre Petrescu wrote:

> > > I dont know where are people about supporting VPN and one-time passwords on
> > > tokens.

> > > At my work place a few people dont have tokens (OTP - One Time PAsswords). The
> > > reserve of these tokens has been exhausted. NEw ones are being on order. Until
> > > then some people cant get on VPN.

> > > Some people forgot their token on their desk and had to to travel to office to
> > > get it, a thing not good to do to go to office now.

> > > Some (not sure) might have issues with syncing these devices. An OTP token has a
> > > certain skew about clock, and a battery that lasts long. Hopefully, one's token
> > > has been synchronised recently and the battery is new. The length of time one
> > > cant go to office might be anywhere between 21 days (announced) and 2 months
> > > (experrience eg in Wuhan still closed). Some times the synching of clock can be
> > > performed remotely, and some 'coin' batteries can be replaced by the person
> > > with skill and tools, could be extracted from a quartz watch for example.

> > > An OTP device can be of many kinds. Some people keep OTPs on paper (I did some
> > > time ago). Some OTP devices are like Japanese 'tamaguchi' format, others like a
> > > credit card format.

> > > Alex, LF/HF 3

> > > Le 23/03/2020 à 20:47, Mark Tinka a écrit :

> > > > On 23/Mar/20 21:20, Peter Beckman wrote:

> > > > > But also:

> > > > > "The categories of people who will be exempted from this lockdown
> > > > > are... those involved in the production, distribution and supply
> > > > > of... telecommunications services"

> > > > > [
> > > > > https://www.cnbcafrica.com/news/2020/03/23/breaking-nationwide-lockdown-announced-in-south-africa/
> > > > > |
> > > > > https://www.cnbcafrica.com/news/2020/03/23/breaking-nationwide-lockdown-announced-in-south-africa/
> > > > > ]
> > > > > I think most anyone on this list could be considered exempt.
> > > > > I do hope the same will be true should our respective local and national
> > > > > governments take similar action.

> > > > Yes, a number of "essential services" have been identified as needing to
> > > > continue to operate under special dispensation during the lockdown, and
> > > > telecoms falls within that.
> > > > The details of the implementation of the dispensation may be nuanced.
> > > > Experience will tell us more in the coming days.
> > > > Mark.

> > ---------------------------------------------------------------------------
> > Peter Beckman Internet Guy
> > [ mailto:beckman () angryox com | beckman () angryox com ] [ http://www.angryox.com/ |
> > http://www.angryox.com/ ]
> > ---------------------------------------------------------------------------