Does Nash plan to integrate the use of hardware authenticators such as Yubikey on the platform? Does the Nash team feel like having this would be worthwhile and add further security to users accounts?
I would be interested to hear the thoughts from the team as well as the communities thoughts on hardware authentication keys, as well as its hypothetical integration with the Nash ecosystem.
Hardware keys like YubiKey offer excellent security and everyone at Nash is obliged to use them. They render phishing attacks impossible. However, for everyday users they are too expensive and complicated: two keys are required in case one gets lost, and there can be compatibility issues with mobile devices.
We are foremost interested in providing solutions that are accessible to anyone, so our next upgrade will involve device registration and push-based 2FA. This will offer a high level of security and will be very convenient for users.
Nonetheless, we do want to add hardware keys as a 2FA option in future to meet the needs of institutional users.