A fingerprint as an authentication factor: be sure it is not the only factor, and devise a way to delete it in case some party wants to force you to use it as an authentication factor.
Some links for my archive:
- [Archive.is] Ian Coldwater 📦💥 on Twitter: “I don’t know who needs to hear this, but you can wire sudo to TouchID… “
- [Archive.is] Cabel on Twitter: “Pro MacBook Pro Tip: have a Touch Bar with Touch ID? If you edit /etc/pam.d/sudo and add the following line to the top… auth sufficient pam_tid.so …you can now use your fingerprint to sudo!”
- [Archive.is] Cabel on Twitter: “(Important caveat/warning: if you SSH into that machine, you will NOT be able to sudo, as your fingerprint cannot travel through SSH. 😜)”
- [Archive.is] Ian Coldwater 📦💥 on Twitter: “there are probably Fifth Amendment implications to this, so threat model accordingly”
- [Archive.is] mikey on Twitter: “After every update you’ll need to edit /etc/pam.d/sudo because Apple reverts it to default. Here’s some shell code to automate editing it to enable TouchID for sudo … “
- [Archive.is] Zack McCauley on Twitter: “It does revert after every OS update though. Not been able to get it to stick yet on any machine. 🙃… “
- [Archive.is] TC on Twitter: “SSH private key too! … “
- [Archive.is] Stephen Kraus – Spooky Virtualized Uranium🔑☢️⚛️ on Twitter: “Nice, you can do this under Ubuntu if your laptop has a fingerprint reader as well: … “
- [Archive.is] Stephen Kraus – Spooky Virtualized Uranium🔑☢️⚛️ on Twitter: “Also with Yubikey: … “
- [Archive.is] Stephen Kraus – Spooky Virtualized Uranium🔑☢️⚛️ on Twitter: “Hypothetically sure, I set up a fingerprint reader on one of my machines that would push a wipe if I used my pink.… “
- [Archive.is] skaffen-amtiskaw on Twitter: “you can forward the native win32 ssh-agent (which can keep ssh private key in windows credential store) to wsl containers quite easily, if that’s what you’re looking for… “
- [Archive.is] 🖲️ tom (beast crime era) 🖲️ «💉2/2» on Twitter: “important to note: that requires some extra config if you use iTerm instead of … “
–jeroen
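
An added example, not part of the original post or of the linked tweets (mikey's script is not reproduced here): an idempotent shell function that puts the `auth sufficient pam_tid.so` line back after an update has reverted `/etc/pam.d/sudo`. The function names, the `.bak` backup, the constructed sample file and the choice to insert below the header comment rather than on line 1 are assumptions.

```shell
#!/bin/sh
# Added example: idempotently make pam_tid.so the first rule of a PAM file.
TID_LINE='auth       sufficient     pam_tid.so'

# Returns 0 if an active (uncommented) pam_tid.so auth rule is present.
has_touchid_rule() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so' "$1"
}

# ensure_touchid_rule FILE: insert the rule before the first non-comment line.
# Prints "unchanged" or "patched"; keeps a FILE.bak copy when it patches.
ensure_touchid_rule() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    if has_touchid_rule "$file"; then
        echo unchanged
        return 0
    fi
    tmp=$(mktemp) || return 1
    awk -v line="$TID_LINE" '
        !done && $0 !~ /^[ \t]*(#|$)/ { print line; done = 1 }
        { print }
        END { if (!done) print line }   # file held only comments or blank lines
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cp -p "$file" "$file.bak" || { rm -f "$tmp"; return 1; }
    # cat keeps the target's owner and mode (mv would swap in the temp file's).
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
    echo patched
}

# Constructed sample resembling a sudo PAM stack (not copied from a real system).
make_sample() {
    cat > "$1" <<'EOF'
# sudo: auth account password session
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so
EOF
}

# Usage (as root, after an OS update): ensure_touchid_rule /etc/pam.d/sudo
```

Keep a root shell open while running it against the real file, since a malformed PAM file can lock you out of sudo.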