0

I just setted my yubikey on Google so I can login into Google without any passwords. However, I don't even have to put a PIN on the yubikey, it simply works. I find this very very dangerous as anyone with my yubikey would be able to access my Google account.

I've used yubikey for SSH login and I have to put the PIN. Why for Google login it does not ask me? Is there a way?

Is there a way to also make its OTP generation depend on a PIN?

I tried putting a PIN on FIDO2, but I still can log into Google without any PIN, I don't know what's that for

Guerlando OCs
  • 405
  • 4
  • 14
  • 1
    The threat model for security keys generally assumes that unauthorized parties don't have access to it. Generally people use a YubiKey with FIDO2 as a second factor so that theft is less of a problem. – bk2204 Aug 15 '21 at 22:09
  • Usually, Yubikey works as the second factor for authentication, how did you set it up? I want to follow your approach, I am tied to input username and password to log in to google every day. – Ryan Lyu Apr 26 '22 at 08:39

0 Answers0