I have not fully thought this through. Don't blindly follow my advice in a high-stakes context. Some chance this ends up being a noob take.
Main
I read more about hardware keys. I still don't understand how they make sense.
If I understand correctly, the main threat model is if your PC has malware. Which is an extremely hard threat model to defend against, by the way.
I understand using cryptocurrency hardware wallets. I understand using TAILS. In both of these, you can actually verify what is being signed, on the secure device itself. The secure device is more hardened, has less software installed on it, has better firmware, and so on.
With a hardware key however, if your PC has malware, you will just end up signing malware using the hardware key, because you have no secure device telling you what you are signing.
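A small simulation of that point, added here as an illustration rather than code from the post: a display-less key signs whatever bytes a compromised host hands it, while a wallet-style device that renders the payload on its own screen only signs what the user actually confirms. The device classes, the HMAC stand-in for the signature primitive and the sample payloads are all constructed.

```python
import hashlib
import hmac
from typing import Callable, Optional, Tuple

# Constructed device secret for the simulation (not a real key).
SECRET = b"constructed-device-secret"

def _mac(payload: bytes) -> bytes:
    # HMAC-SHA256 stands in for the device's signature primitive (assumption).
    return hmac.new(SECRET, payload, hashlib.sha256).digest()

def verify(payload: bytes, sig: bytes) -> bool:
    """Check whether `sig` was produced over exactly `payload`."""
    return hmac.compare_digest(_mac(payload), sig)

class BlindKey:
    """Key with no display: signs whatever bytes the host hands it."""
    def sign(self, payload: bytes) -> bytes:
        return _mac(payload)

class DisplayKey:
    """Wallet-style device: shows the payload on its own screen and signs
    only if the user confirms that exact rendering."""
    def __init__(self, user_confirms: Callable[[str], bool]):
        self._user_confirms = user_confirms  # callback: shown text -> bool

    def sign(self, payload: bytes) -> Optional[bytes]:
        if not self._user_confirms(payload.decode()):
            return None  # user rejected what the device displayed
        return _mac(payload)

def blind_key_outcome(intended: bytes, substituted: bytes) -> Tuple[bool, bool]:
    """A compromised host swaps the payload before it reaches a display-less key.
    Returns (intended_signed, substituted_signed)."""
    sig = BlindKey().sign(substituted)
    return verify(intended, sig), verify(substituted, sig)

def display_key_outcome(intended: bytes, substituted: bytes) -> bool:
    """Same swap against a device that renders the payload itself; the user
    confirms only the text they meant to sign. Returns whether anything was signed."""
    user = lambda shown: shown == intended.decode()
    sig = DisplayKey(user).sign(substituted)
    return sig is not None

if __name__ == "__main__":
    intended, swapped = b"pay alice 1", b"pay mallory 100"
    print("blind key  :", blind_key_outcome(intended, swapped))    # (False, True)
    print("display key:", display_key_outcome(intended, swapped))  # False
```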
I am also not a big believer of defence-in-depth, although it depends on the threat model.