
That's why you combine them. Nobody is saying auth should purely be based on biometrics. It's all three: Something I know, AND something I have, AND something I am. If your DNA is compromised, you still have the thing you know and the thing you have to keep you secure.



So, they make you write the password down.

Then they take the YubiKey.

Then they take your eyeballs and your fingers.

I'm not so sure I want to encourage them to do #3.


I mean, if someone is forcing me to log in at gunpoint, I'll gladly oblige - no need for them to gouge my eye out.

This is not the threat model being used here. This feature is meant to protect you when you forget your YubiKey on your laptop while on lunch break, allowing any co-worker to log in/use the GPG keys stored within.


If someone is willing to do that to you to get to the things behind the password, it wouldn't matter whether you enrolled a biometric factor. At that point it's not a tech problem anymore.


Plenty of people are saying it should be purely biometric. For example, iPhones. (Though they do it better than the vast majority of implementations!)


By nobody, I meant here in this article.

Also, just a nit, iPhones aren't purely biometric. You have to input your PIN after reboot or a long period of inactivity. I'll agree it's still a bit too close to being a password for comfort though.



