If you don’t need a PIN for your card in Apple Wallet and don’t need a PIN to use Apple Wallet, how is that safe?

I’ve just added a card to my Apple Wallet and noticed that I didn’t need a PIN. Now since Apple Wallet is apparently already "secure", I don’t need a PIN to use it either.
Is this a loophole or am I missing something?

Continue reading If you don’t need a PIN for your card in Apple Wallet and don’t need a PIN to use Apple Wallet, how is that safe?

How do Yubikeys improve security if I am typically also forced to enable other, weaker 2FA methods?

It is typically recommended to enable 2FA wherever possible. Moreover, it is typically recommended to enable not just any 2FA method, but Yubikeys in particular.
Yubikeys are considered to be the strongest available 2FA method. They are ni… Continue reading How do Yubikeys improve security if I am typically also forced to enable other, weaker 2FA methods?

github is insisting on 2FA, with no recovery if you lose recovery keys. Does their app on the same phone help at all if the phone is lost?

Github has just insisted on 2FA, and promptly warns that if you lose your phone, you will lose your access forever if you don’t have the access recovery keys. For me, this is a bigger risk than someone attacking me. I can easily envision m… Continue reading github is insisting on 2FA, with no recovery if you lose recovery keys. Does their app on the same phone help at all if the phone is lost?