Cobranded YubiKeys? Weird flex but ok.
Seriously though if you are letting agents do whatever they want without a PR process that requires hardware authentication or proof of presence, you are putting your code and your org at high risk.
> Cobranded YubiKeys
More interesting than that even, a tier of YubiKeys that does not exist outside of this cooperation.
The supported features sit between a YubiKey 5C and a Security Key C and I did not find any other way to purchase this tier.
Cobranding is just good marketing at minimal incremental spend when you're running off a batch of hardware.
> want without a PR process that requires hardware authentication or proof of presence
Just curious, what do you use for this?
I built OTP Guard [1] a few years ago for exactly this problem, although I haven't seen any alternatives in the space. Does GitHub have something built-in now?
The original framing was more "local malware compromising your GitHub account" ... it never occurred to me that the malware could be a LLM. I really should update the page.
[1] https://otpguard.com