I hope that at some point this is not developing to remote attestation when only "permitted" devices can use the models.
It's a great deal — about 50% off — for those who already wanted a Yubikey.
https://www.yubico.com/store/partner/openai/
Interestingly, I had to switch to my unpaid OpenAI account to access it. I suspect this is because my paid account is registered to a custom.com email address.
Does this apply to anyone who verified their ID to get access to the slightly less restricted Codex versions, or only to security professionals who have the almost-entirely unrestricted version?
It’s an advertisement by Yubikey - the hardware key manufacturer
Dumb question: is using the built in passkey support on my iPhone not considered “hardware-backed”, even though iPhone is using device biometrics?
I was actually thinking they would have to do this. Having to mail a physical token to a valid address is a extremely powerful access control method.
Cobranded YubiKeys? Weird flex but ok.
Seriously though if you are letting agents do whatever they want without a PR process that requires hardware authentication or proof of presence, you are putting your code and your org at high risk.