logoalt Hacker News

OpenAI mandates hardware-backed passkeys for Trusted Access Cyber members

48 pointsby speckxtoday at 2:12 PM21 commentsview on HN

Comments

jmoletoday at 2:48 PM

Cobranded YubiKeys? Weird flex but ok.

Seriously though if you are letting agents do whatever they want without a PR process that requires hardware authentication or proof of presence, you are putting your code and your org at high risk.

show 3 replies
niccetoday at 2:37 PM

I hope that at some point this is not developing to remote attestation when only "permitted" devices can use the models.

show 2 replies
kreittertoday at 5:14 PM

It's a great deal — about 50% off — for those who already wanted a Yubikey.

https://www.yubico.com/store/partner/openai/

Interestingly, I had to switch to my unpaid OpenAI account to access it. I suspect this is because my paid account is registered to a custom.com email address.

rahidztoday at 2:35 PM

Does this apply to anyone who verified their ID to get access to the slightly less restricted Codex versions, or only to security professionals who have the almost-entirely unrestricted version?

show 1 reply
random3today at 2:39 PM

It’s an advertisement by Yubikey - the hardware key manufacturer

show 1 reply
alberthtoday at 3:09 PM

Dumb question: is using the built in passkey support on my iPhone not considered “hardware-backed”, even though iPhone is using device biometrics?

UltraSanetoday at 3:01 PM

I was actually thinking they would have to do this. Having to mail a physical token to a valid address is a extremely powerful access control method.