I guess I didn't understand that bit. It sounds like there is some misunderstanding about how Yubico Authenticator works?
It does not store the secrets on the disk/memory of the phone/laptop at all. It just sends over a code. The device only sees one code and nothing else.
This is also why a user can get a new phone and just tap the key to the new phone and truck on. Magic.
When a user drops their Google Authenticator phone in the toilet however... bad day.
No, I'm pretty clear about how Yubikey TOTP works. The point is that the threat model doesn't make sense. Any device you can use Yubikey TOTP on is significantly less secure than your iPhone.
Yes, I'm clear that the attacker in this scenario doesn't get your TOTP secrets. If your primary goal is to protect your TOTP secret, I see your point. My problem is, my goal is to protect my actual account. I kind of don't give a shit about my TOTP secret, because Google will give me as many new TOTP secrets as I ask it for, but I only have the one account. If the device I'm securely generating a TOTP secret for is compromised, I'm going to feel pretty silly doing a security theater dance with my Yubikey as my attacker steals my cookie and locks me out of my Google account.
Don't be evasive. It doesn't matter how you secure the channel, with cookies or magic beans: if the attacker controls the device you're using Google Mail from, they've compromised the account. What's the point of having a super secure key to a house with a wide-open hole in the side of it? There is no point, is the answer.
They may have compromised Gmail, because Gmail is logged in. They however won't get to the other 20 services that I have not logged into recently on the device that also use hardware tokens. They don't get the TOTP secret for my AWS account, which I only log into from that device in emergencies. Etc.
If someone gets remote access to your device it is a very bad day, but you -can- have damage control and a clear picture of what they had access to and what they did not.
If the attacker roots your phone and it has your unlocked password manager on it and google authenticator with all the 2fa secrets... well now they get the entire farm, including for services you don't have active cookies for.
Hardware tokens are not magic, but they are a very useful tool and if we combine enough tools we make the life of an attacker that much harder.
And then there is the recent story of someone getting private emails/password resets/paypal info sent because Gmail ignores the dot in their email address... https://news.ycombinator.com/item?id=14140569 - which makes one wonder if that's already an attack angle being used.
Let me simplify my point: Whether or not the TOTP secret is on the smartphone, encrypted or not, or sent to it from another device, is the wrong attack vector to optimize for.
Getting mainstream users en masse to consistently and correctly use any 2fa is a win.
Furthermore, you're moving the goalposts a bit by using the Yubikey in this scenario. So sure, if someone compromises your phone they don't compromise the Yubikey, but 1) how certain are you that your Yubikey is safer than a modern iPhone or Android model with the crypto and security engineering that entails and 2) how certain are you that accessing your iPhone's filesystem or execution state does not bypass this whole dance entirely?
For you, the minimal security gains might outweigh the usability costs if you know what you're doing. But a hardware token for most people, as the technology currently stands?
The device keeps the secret in self-contained memory and never exposes it. It is on the other side of a USB bus or in some cases NFC. There have been local attacks against old designs via side-channel attacks etc., but never once a remote attack. The model makes that pretty hard. The phone is essentially zero knowledge. Android and iOS allow arbitrary execution of user-installed code and are a massive attack surface and have piles of published vulnerabilities.
By moving secrets to very simple easy to reason about devices we get substantial reduction in attack surface.
Also I have helped deploy these to several dozen people, taught workshops etc. It is no harder than teaching people to use Google Authenticator, but lower attack surface.
Use U2F where you can, and when you must fall back to TOTP at least you can promise an attacker does not get a free pass to generate codes whenever they want, which is something.
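An added illustration of the split this comment (and the earlier "it just sends over a code" comment) describes: the host app sends only the time counter to the token and gets back a six-digit code, while the HMAC key never leaves the token. This is example code written for this page, not Yubico's or the YubiKey OATH applet's code; the class names, the 8-byte challenge format, the server-side drift window and the demo key are this example's own assumptions. The demo key is the RFC 6238 test-vector key, so the codes can be checked against the RFC's tables.

```python
"""OATH-TOTP (RFC 6238) split between a hardware token and a host app.

Illustration added for this page, not Yubico code. It models the thread's
point: the token holds the secret and runs the HMAC; the host (phone/laptop
authenticator app) only sends the moving factor and receives one code.
"""
import hashlib
import hmac
import struct
import time

# Constructed demo secret: the RFC 6238 Appendix B test-vector key
# (ASCII "12345678901234567890"). Never use a fixed key like this for real.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class HardwareToken:
    """Models the credential on the token. From the host, only calculate() is reachable."""

    def __init__(self, secret: bytes, digits: int = 6):
        self._secret = secret   # stays here; there is no export method
        self._digits = digits

    def calculate(self, challenge: bytes) -> str:
        # Assumption of this model: the host hands over an 8-byte big-endian
        # time counter and receives only the truncated code back.
        if len(challenge) != 8:
            raise ValueError("challenge must be an 8-byte counter")
        (counter,) = struct.unpack(">Q", challenge)
        return hotp(self._secret, counter, self._digits)


class HostAuthenticator:
    """Models the phone-side app: it stores no secret, only which token to ask."""

    def __init__(self, token: HardwareToken, period: int = 30):
        self.token = token
        self.period = period

    def code_for(self, unix_time: int) -> str:
        challenge = struct.pack(">Q", unix_time // self.period)
        return self.token.calculate(challenge)

    def now(self) -> str:
        return self.code_for(int(time.time()))


def server_verify(secret: bytes, code: str, unix_time: int,
                  period: int = 30, window: int = 1) -> bool:
    """Relying-party check: accept the code for the current step +/- `window` steps.

    A code an attacker captured from the compromised host is useful only inside
    this window; without the token they cannot compute the next one.
    """
    step = unix_time // period
    return any(hmac.compare_digest(code, hotp(secret, step + d))
               for d in range(-window, window + 1))


if __name__ == "__main__":
    host = HostAuthenticator(HardwareToken(DEMO_SECRET))
    # RFC 6238 vector: T=59 (step 1) -> 94287082 with 8 digits, so 287082 with 6.
    captured = host.code_for(59)
    print("code at t=59:", captured)
    print("accepted at t=89 (next step, inside window):", server_verify(DEMO_SECRET, captured, 89))
    print("accepted 90s later (outside window):", server_verify(DEMO_SECRET, captured, 59 + 90))
```

The host object holds a reference to the token, not the key; dumping the host's memory yields at most the codes it has already requested, which is exactly the "no free pass to generate codes whenever they want" property the comment describes. The server-side window is a common choice for clock drift, not something the thread specifies.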
Getting mainstream users to use 2FA? Is that like getting them not to use overly simple PWs? Or not use open wifi? Those people? Not to sound like an ahole but... How's that working out for ya?
I think ya might be able to argue that if you're going to add friction (e.g., Yubikey) you're also creating a great sense of seriousness. That sense of seriousness is seriously lacking.
All that said, the UN + PW idea is too weak. We need something that's up to the threat AND is also appropriate to the risk of loss. Best I can tell, as a general mainstream rule, we're not even close to that. It's 2017? Really?