There is a number of vendors that sell USB keys, and we chose Yubico and their YubiKey 4 series. The attacker needs to physically get a hold of your USB key, which is still a security risk, but in an entirely different domain. The advantages of a hardware solution are obvious: a possibility of a remote attacker gaining access to one of your tools is pretty much eliminated.
#Gnupg mac terminal software#
Authenticating with U2F is already supported by major browsers (the only notable exception, sadly, is Safari) and you can use it with many online services that software professionals use daily: Google and Gmail, Dropbox, GitHub, GitLab, Bitbucket, Nextcloud, Facebook, and the list goes on. Now, instead of confirming your access with some code, you need to insert a USB stick into your computer, press the physical button on it, and the device will take care of the rest. You probably have at least few of those in your pockets: phone SIM, bank cards, various IDs and the like. Known as Universal 2nd Factor (U2F) and originally developed by Yubico and Google, it relies on physical devices (usually USB or NFC) that implement cryptographic algorithms on a chip, similar to smart cards that have been around for ages. So, can we do better? There exists an open authentication standard that aims to both strengthen and simplify 2FA.
Opting for an app like Google Authenticator is more secure, but can also be compromised, at least in theory, if a smartphone that runs it is precisely targeted by an attacker. Cellular networks, however, are not the safest place: messages and calls can be intercepted. By default, it involves requesting one-time access codes either by SMS/phone call or through a dedicated smartphone app. We have enforced 2FA across all our staff for all the tools that we use daily: email, GitHub, task trackers, and others. Even without hardware keys, it makes an attacker’s job much harder than it used to be. The most obvious way to increase security is to opt for two-factor authentication (2FA) that is widely supported. A good old password, even coupled with a password manager, does not cut it anymore. In a hostile environment of the modern web, though, it is easier said than done.
#Gnupg mac terminal code#
Our clients trust us with their source code and, even more importantly, with access to their production servers, and this trust cannot be broken. With more employees and more clients, there is a demand for stronger security.
If you haven’t set up your YubiKey yet, this is a good place to start.Įvil Martians are growing.
0 kommentar(er)
