7 comments

  • jmole a minute ago

    Cobranded YubiKeys? Weird flex but ok.

    Seriously though if you are letting agents do whatever they want without a PR process that requires hardware authentication or proof of presence, you are putting your code and your org at high risk.

  • nicce 12 minutes ago

    I hope that at some point this is not developing to remote attestation when only "permitted" devices can use the models.

      gustavus 8 minutes ago

      We all know that's where they are going with this.

        inigyou 4 minutes ago

        No, that would almost certainly defeat the point of selling the models.

        Hardware 2FA is not a new concept and is recommended by many people for many purposes. Only the authentication token is attested, and that is the purpose of an authentication token.

  • random3 10 minutes ago

    It’s an advertisement by Yubikey - the hardware key manufacturer

      jeroenhd 2 minutes ago

      I tried enabling their "advanced security" programme on my account and it's currently refusing to continue without at least 2 keys configured.

      The first "hardware key" is actually my Bitwarden faking a hardware key (I'm sure they'll start blocking BW because of this in the future) but it doesn't let me add a second one unfortunately.

  • rahidz 14 minutes ago

    Does this apply to anyone who verified their ID to get access to the slightly less restricted Codex versions, or only to security professionals who have the almost-entirely unrestricted version?