Collaborate Disseminate
I’ve been trying to find the major differences between "U2F" versus "FIDO2" two-factor authentication standards. Reading some of the articles posted by different companies and even the FIDO site itself give the impressi… Continue reading If FIDO2 just adds WebAuthn to CTAP why are only some keys compatible? [closed]
Researchers can now made software copies of Google’s “unclonable” Titan security keys – but not yet undetectably. Continue reading Google Titan security keys hacked by French researchers
I am currently investigating the idea of implementing FIDO2 (WebAuthN) support in native iOS using Swift. I understand that there is no FIDO2 support in native iOS, and only available through Safari native app, but Safari is not an option … Continue reading Implementing FIDO2 (WebAuthN) in Native iOS
Correct me if I am wrong, please.
I understand that 2FA (MFA) increases account security in case an attacker obtains a password which might be possible via various ways, e.g. phishing, database breach, brute-force, etc..
However, if the ho… Continue reading Are hardware security keys (e.g ones supporting Fido2) "able to protect authentication" even in case of compromised hosts?
I’m getting conflicting information on how the security keys are stored and used. Where are the public and private keys stored? If the private key is stored on the Yubikey itself, how many can it hold?
If the both keys are stored on the se… Continue reading Where are FIDO U2F Keys Stored?
I am a part of an organization that is developing a website that required user authentication, and we are strongly considering FIDO compliance.
However, our use case requires users to be able to log-in from shared computers (i.e. father an… Continue reading Can FIDO be implemented for a Use Case which Allows the Use of Shared Devices?
I’m new to FIDO2 specification.
I’m aware that Android and IOS devices support FIDO2 protocols (even Android phones could act as a physical key for FIDO2 authentication).
However, Could anyone let me know that, when we use the platform aut… Continue reading FIDO2 – Where do Android and IOS platform authenticators store private key credentials?
In episode 118 for April 27th 2020: A discussion about the end of passwords and what the future may hold with special guest Andrew Shikiar executive director of the FIDO Alliance. ** Show notes and links mentioned on the show ** Find out more about the… Continue reading The End of Passwords as We Know It
OpenSSH version 8.2 introduced support for FIDO/U2F hardware authenticators, via the new public key types “ecdsa-sk” and “ed25519-sk”.
I currently have SSH authentication set up in combination with gpg subkeys by using my security key in … Continue reading Benefit of using OpenSSH FIDO/U2F support over GPG mode?
OpenSSH version 8.2 is out and the big news is that the world’s most popular remote management software now supports authentication using any FIDO (Fast Identity Online) U2F hardware token. Continue reading OpenSSH eases admin hassles with FIDO U2F token support