I bought a yubikey neo back in October and have been using it with Google's U2F implementation. I think that this is a smart way to go security-wise and I am glad to see that Google is making it easier to take advantage of. You can also opt for the less expensive yubikey standard if you don't have a need for the Near Field Communications (NFC) capability on the yubikey.
So I found this posting to be a bit swear-y (you've been warned), but otherwise on the money.
The final paragraph nails it (I have definitely seen my share of those 'success' messages:
Above all else, have a wonderful holiday season and give your teams a break until the code freeze is lifted in mid-January. Then you can get back to shoving Agile on people, making them work 60 hours a week again and then having your directors send “we did it the Agile way!!!!†success messages after the project you executed took production offline, took twice as long to finish and cost 3 times as much.
So Happy New Year! 2014 was filled with ups and downs (as to be expected). Hopefully, 2015 will see projects successfully completed and new directions explored. Coming into the new year with a bit of flu has been kind of a drag, but things should start picking up again in a few days.
Password-generating tools like LastPass, 1Password, RoboForm, and others are a mainstay of browser accessories, and are often recommended by security experts because they can help create and manage “strong” passwords. “Strong” refers to passwords that are difficult for hackers and computers to guess. Google's effort, if it makes it into the regular version of Chrome, could encourage other browser makers to build password generators and make the field more competitive.
1Password has the advantage that it is multi-platform and not tied to a single browser, which I consider to be a very good thing. Having each browser create its own incompatible password manager would be even worse that each browser having its own incompatible HTML interpreter.
YubiKey Neo[/caption]Outstanding detailed article on using two-factor authentication with the Mac OS X operating system. Note that there is a lot of good follow up in the comments section as well.
