Comment by __turbobrew__
20 hours ago
I have this at my work. One system requires SSO so I go to the SSO gateway, touch my YubiKey to log in to SSO, and then I am redirected back to the original app, and it also wants my YubiKey so I touch it again, and then I am finally granted access.
The root of trust is my YubiKey in both cases but the implementation was lazy.
I brought this up to our security team and they shrugged.