> If your recovery mechanism completely bypasses the benefits of using the YubiKey, that recovery mechanism is what your attackers will use.
I don't use any methods other than YubiKey when I do have my keys. So attackers cannot trick me. If I see a choice without Yubikeys I immediately know I'm being phished.
We’re talking about what happens if you lose your keys. If all I need to do is call and say “this is netheril96” and they’ll give me access, the yubikey is theatre.
I don't use any methods other than YubiKey when I do have my keys. So attackers cannot trick me. If I see a choice without Yubikeys I immediately know I'm being phished.