|
I still prefer the use of a physical verification key of which I control.
Any of these authentication apps require online connectivity which presents an attack vector that is constantly being probed and tested. When one of those get compromised, all hell will break loose. And, it's not if, it's when.
And, reliance on SSH? Really? There are 25 Common Vulnerabilities and Exposures (CVE) for SSH listed by the National Cybersecurity FFRDC. A few of which are active, unresolved and have existing public exploits.
I'll stick with a physical key.
|