Does this apply to anyone who verified their ID to get access to the slightly less restricted Codex versions, or only to security professionals who have the almost-entirely unrestricted version?
No, that would almost certainly defeat the point of selling the models.
Hardware 2FA is not a new concept and is recommended by many people for many purposes. Only the authentication token is attested, and that is the purpose of an authentication token.
> No, that would almost certainly defeat the point of selling the models.
If the best models are so anticipated that people do anything to get them, seems like remote attestation fits perfectly here. There is no need to use it for lower quality models which are used by masses. Instead, it even works for marketing narrative where they do everything they can that their great models are used only those devices they allow, and no <name your country> can't easily use them. Maybe even helps setting higher price.
I tried enabling their "advanced security" programme on my account and it's currently refusing to continue without at least 2 keys configured.
The first "hardware key" is actually my Bitwarden faking a hardware key (I'm sure they'll start blocking BW because of this in the future) but it doesn't let me add a second one unfortunately.
It’s a security feature, Apple does the same when you register a security key. You must register two.
If you’re using real yubikeys, it’s protection against losing one. If you had two from the start, you’re not at risk of losing your only way into your account when one goes missing or is stolen.
Seriously though if you are letting agents do whatever they want without a PR process that requires hardware authentication or proof of presence, you are putting your code and your org at high risk.
> want without a PR process that requires hardware authentication or proof of presence
Just curious, what do you use for this?
I built OTP Guard [1] a few years ago for exactly this problem, although I haven't seen any alternatives in the space. Does GitHub have something built-in now?
The original framing was more "local malware compromising your GitHub account" ... it never occurred to me that the malware could be a LLM. I really should update the page.
0) agent gets its own separate git user and ssh key, separate from mine
1) branch protection rules on main, only I can approve merges into main
2) any other ssh key uses (interactive login, direct git access, etc.) are ed25519-sk keys and require a touch on yubikey.
TBH, the biggest hole is that it can be unclear exactly what process is requesting a touch on the yubikey. Apple has a head start here because they can lock down the TouchID UX relatively well, but unfortunately they don’t seem to care about building a polished developer experience for 2FA on sensitive tasks.
They are probably waiting for someone else to build the right solution and then copy/steal it.
Interestingly, I had to switch to my unpaid OpenAI account to access it. I suspect this is because my paid account is registered to a custom.com email address.
rahidz | 6 hours ago
Zenul_Abidin | 5 hours ago
nicce | 6 hours ago
gustavus | 5 hours ago
inigyou | 5 hours ago
Hardware 2FA is not a new concept and is recommended by many people for many purposes. Only the authentication token is attested, and that is the purpose of an authentication token.
nicce | 5 hours ago
If the best models are so anticipated that people do anything to get them, seems like remote attestation fits perfectly here. There is no need to use it for lower quality models which are used by masses. Instead, it even works for marketing narrative where they do everything they can that their great models are used only those devices they allow, and no <name your country> can't easily use them. Maybe even helps setting higher price.
inigyou | 5 hours ago
3form | 5 hours ago
nicce | 5 hours ago
UltraSane | 5 hours ago
random3 | 6 hours ago
jeroenhd | 5 hours ago
The first "hardware key" is actually my Bitwarden faking a hardware key (I'm sure they'll start blocking BW because of this in the future) but it doesn't let me add a second one unfortunately.
netruk44 | 5 hours ago
If you’re using real yubikeys, it’s protection against losing one. If you had two from the start, you’re not at risk of losing your only way into your account when one goes missing or is stolen.
jmole | 5 hours ago
Seriously though if you are letting agents do whatever they want without a PR process that requires hardware authentication or proof of presence, you are putting your code and your org at high risk.
kirab | 5 hours ago
More interesting than that even, a tier of YubiKeys that does not exist outside of this cooperation.
The supported features sit between a YubiKey 5C and a Security Key C and I did not find any other way to purchase this tier.
jallmann | 5 hours ago
Just curious, what do you use for this?
I built OTP Guard [1] a few years ago for exactly this problem, although I haven't seen any alternatives in the space. Does GitHub have something built-in now?
The original framing was more "local malware compromising your GitHub account" ... it never occurred to me that the malware could be a LLM. I really should update the page.
[1] https://otpguard.com
jmole | 5 hours ago
0) agent gets its own separate git user and ssh key, separate from mine
1) branch protection rules on main, only I can approve merges into main
2) any other ssh key uses (interactive login, direct git access, etc.) are ed25519-sk keys and require a touch on yubikey.
TBH, the biggest hole is that it can be unclear exactly what process is requesting a touch on the yubikey. Apple has a head start here because they can lock down the TouchID UX relatively well, but unfortunately they don’t seem to care about building a polished developer experience for 2FA on sensitive tasks.
They are probably waiting for someone else to build the right solution and then copy/steal it.
toomuchtodo | 4 hours ago
https://news.ycombinator.com/item?id=13635798
UltraSane | 5 hours ago
alberth | 5 hours ago
kreitter | 3 hours ago
https://www.yubico.com/store/partner/openai/
Interestingly, I had to switch to my unpaid OpenAI account to access it. I suspect this is because my paid account is registered to a custom.com email address.