Don't have to type anything. If you don't type anything, there's nothing to keyl... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		kart23 on May 29, 2020 \| parent \| context \| favorite \| on: Linux Security Hardening and Other Tweaks Don't have to type anything. If you don't type anything, there's nothing to keylog right? It'll send a notification to the duo app with the command name, and will allow you to verify whatever you're running. If the attacker attempts to sudo, it'll show the command they are trying to run and you can choose not to allow it.

delroth on May 29, 2020 [–]

2FA that actually carries a payload to verify like Duo will be much harder to exploit, indeed. As to whether making your life harder for routine system administration tasks will actually make stealing your personal data harder, I still have my doubts.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact