Compiler engineer for the Chisel HDL.

I also trickjump in Quake III Arena as a hobby.

Cake day: Jun 13, 2023


U2F on Bitwarden, in principle, doesn’t guard against attackers breaching into your accounts, as the Yubikey serves as a second factor during the authentication stage when the Bitwarden app retrieves the encrypted vault. Unless you combine a static secret from the Yubikey into the master password of the vault, an attacker could, in theory, steal your encrypted vault from the central Bit/Vaultwarden server or any device that’s already downloaded it (note that if this device is your phone, all conventional TOTP is thwarted anyways, so in general phones are the most lucrative target here.) From there, the strength of your master password becomes the only thing separating an attacker from access to all of your online accounts.

I’m not saying that it’s a bad practice and you absolutely shouldn’t do it — I do it myself, as I trust the security of Bitwarden’s servers and my devices in keeping my vault safe. The salient point here is the burden lies on online services upgrading their outdated security options to support U2F, not on us settling for an objectively inferior 2FA option because these services are too lazy and slow.


Apps can implement their own form of push notifications – most privacy-respecting ones already do. However, it’s an endeavor that’s too much effort for the average dev, so they default to using the existing FCM service instead.


I think you might be overthinking things. “Apple devices you use on a regular basis” just generically means whatever you use and plan to enable hardware 2FA for.

Maybe it’s to emphasize that you’re now going to have to use your hardware keys to regularly use Apple services on your phone, in addition to things like passwords, Face ID, etc.


The author of this article has pages on “the dirty tricks of conspiracy deniers” (???) and cites another site as his inspiration that purports to debunk skeptics of “conspiracies, extrasensory perception, [quantum consciousness] and life after death.” He also cites another nutjob who claims that humans are the product of chimpanzee and pig breeding.

Dude’s easily got several loose screws up there.