logoalt Hacker News

jmoletoday at 2:48 PM3 repliesview on HN

Cobranded YubiKeys? Weird flex but ok.

Seriously though if you are letting agents do whatever they want without a PR process that requires hardware authentication or proof of presence, you are putting your code and your org at high risk.


Replies

jallmanntoday at 3:10 PM

> want without a PR process that requires hardware authentication or proof of presence

Just curious, what do you use for this?

I built OTP Guard [1] a few years ago for exactly this problem, although I haven't seen any alternatives in the space. Does GitHub have something built-in now?

The original framing was more "local malware compromising your GitHub account" ... it never occurred to me that the malware could be a LLM. I really should update the page.

[1] https://otpguard.com

show 1 reply
kirabtoday at 2:55 PM

> Cobranded YubiKeys

More interesting than that even, a tier of YubiKeys that does not exist outside of this cooperation.

The supported features sit between a YubiKey 5C and a Security Key C and I did not find any other way to purchase this tier.

toomuchtodotoday at 3:56 PM

Cobranding is just good marketing at minimal incremental spend when you're running off a batch of hardware.

https://news.ycombinator.com/item?id=13635798