What is the difference if you log in to Windows with a 2FA Yubico 5 NFC key with the NFC reader or with a regular Mifare 1K?
I mean in terms of security, and how does the 2FA actually work on a Windows login?
Does 2FA generate a unique code every time?
The YubiKey will have actual security.
M1 uses some crypto, but it’s been broken forever.
So your login using M1’s is more or less just your implant entering a small PIN code.
This PIN doesn’t change, it’s just a static PIN.
The YubiKey (or soon™ the Apex) works a lot differently.
At its most basic form of 2FA, TOTP, it will generate one-time passwords, like you said:
In general, ignoring that there are tons of ways to make 2FA, real 2FA will prove your chip knows a secret without revealing the secret.
That’s the key takeaway, it’s unclonable because it never reveals its secret.
There’s a lot of interesting stuff to unpack if you wanna dive deeper.
Go to the TOTP Wikipedia and click anything you don’t know from there.
E.g. TOTP → HOTP → cryptographic hash…
Once you’re done with that you can look at asymmetric crypto and modern 2FA.
Yes indeed, just what I thought.
But I just got Rohos, but to my great disappointment I saw that they only support the YubiKey as its USB stick and not with the NFC function.
I personally think that’s a missed opportunity.