Comment on Hackers can steal 2FA codes and private messages from Android phones
crazyminner@lemmy.ml 2 days ago
Not ones that use keys. Just shut off your data and wifi then plug in the key and get the code and then remove the key and you’re good to go.
limerod@reddthat.com 2 days ago
Not all banks and website support physical key authentication. Besides, those keys can also be vulnerable. Yubikeys and others were vulnerable to a side channel attack and you had to buy new keys since you cannot patch hardware.
The only saving grace was an Attacker needed physical access to attempt that. But, yes in general can be more secure.
crazyminner@lemmy.ml 2 days ago
Keys can generate TOTP codes that most if not all services that support 2FA/MFA use.
You just scan the QR or enter the code with the key plugged in and it adds it.