Seriously though if you are letting agents do whatever they want without a PR process that requires hardware authentication or proof of presence, you are putting your code and your org at high risk.
No, that would almost certainly defeat the point of selling the models.
Hardware 2FA is not a new concept and is recommended by many people for many purposes. Only the authentication token is attested, and that is the purpose of an authentication token.
I tried enabling their "advanced security" programme on my account and it's currently refusing to continue without at least 2 keys configured.
The first "hardware key" is actually my Bitwarden faking a hardware key (I'm sure they'll start blocking BW because of this in the future) but it doesn't let me add a second one unfortunately.
Does this apply to anyone who verified their ID to get access to the slightly less restricted Codex versions, or only to security professionals who have the almost-entirely unrestricted version?
Cobranded YubiKeys? Weird flex but ok.
Seriously though if you are letting agents do whatever they want without a PR process that requires hardware authentication or proof of presence, you are putting your code and your org at high risk.
I hope that at some point this is not developing to remote attestation when only "permitted" devices can use the models.
We all know that's where they are going with this.
No, that would almost certainly defeat the point of selling the models.
Hardware 2FA is not a new concept and is recommended by many people for many purposes. Only the authentication token is attested, and that is the purpose of an authentication token.
It’s an advertisement by Yubikey - the hardware key manufacturer
I tried enabling their "advanced security" programme on my account and it's currently refusing to continue without at least 2 keys configured.
The first "hardware key" is actually my Bitwarden faking a hardware key (I'm sure they'll start blocking BW because of this in the future) but it doesn't let me add a second one unfortunately.
Does this apply to anyone who verified their ID to get access to the slightly less restricted Codex versions, or only to security professionals who have the almost-entirely unrestricted version?