FIDO2 – Page 3 – WindowsTechs.com

Can I use Yubikey to encrypt a file without PGP?

Posted on March 31, 2022 by Sergei Fomin

I have a Yubikey 5 Series and would like to use it to encrypt a file, so that a physical presence of my Yubikey would be required to decrypt it.
I know you can save a PGP key onto Yubikey and use it for this purpose. However, I am planning… Continue reading Can I use Yubikey to encrypt a file without PGP?→

Why are FIDO2 protected SSH keys affected by phishing attacks?

Posted on March 7, 2022 by student_at_work

The OpenSSH developers have written in a description of the "agent restrictions" feature that FIDO2 tokens are vulnerable to phishing attacks: https://www.openssh.com/agent-restrict.html

FIDO keys that require user-presence conf… Continue reading Why are FIDO2 protected SSH keys affected by phishing attacks?→

How could someone’s account that is secured by MFA Yubikey be compromised?

Posted on December 14, 2021 by Rideboards

Let’s say that I purchased a MFA Yubikey device to secure my accounts. If an attacker wanted to compromise my accounts that are secured with this YubiKey, would this be possible without having the actual device?
First let’s assume the atta… Continue reading How could someone’s account that is secured by MFA Yubikey be compromised?→

Can FIDO2 Authentication be used for native application?

Posted on November 22, 2021 by Eren

I’m currently working on a project, which has a Web API, which is to be consumed by a native application. For the sake of brevity, assume that the application cannot be re-written to be a Web Application.
Right now, user registration and a… Continue reading Can FIDO2 Authentication be used for native application?→

How exactly does the detection of a cloned FIDO2 credential work?

Posted on July 16, 2021 by Konsi

I am trying to understand the FIDO2 standard. I know that a Relying Party has to implement a mechanism that checks the counter of the respective credentials. Most of the time, a counter is stored in the database of the server, which has to… Continue reading How exactly does the detection of a cloned FIDO2 credential work?→

Why combining FIDO2 and PKI provides broader enterprise-wide security

Posted on June 2, 2021 by Julia Weaver

This past year’s seismic shift in how and where people access corporate resources has heightened the urgent need for organizations to upgrade the identity and authentication systems they rely on. That urgency isn’t likely to diminish anytime soon, according to a 2021 Gartner CIO survey. The survey found that 64% of employees at CIOs’ organizations are now able to work from home, and two-fifths are actually doing so, suggesting the landscape for authenticating users has clearly taken on new and more dynamic contours. But it’s not just people accessing enterprise resources. The transition to cloud-based services and the underlying automation supporting digital workloads have led to dramatic increases in the volume of non-human entities — virtual machines, mobile devices, applications, containers, and IoT/OT devices — all seeking their own access to enterprise resources independent of the end user’s identity. As a result, managing machine identities has also become part of […]

The post Why combining FIDO2 and PKI provides broader enterprise-wide security appeared first on CyberScoop.

Continue reading Why combining FIDO2 and PKI provides broader enterprise-wide security→

Why FIDO2 Is the Answer to Better Security

Posted on May 21, 2021 by Jim Black

Why FIDO2 Is the Answer to Better Security

Posted on May 21, 2021 by Jim Black

A groundbreaking increase in security incidents is affecting governments around the world. In light of this, the United States issued a formal order to implement a robust set of security measures designed to improve the security of federal systems. In his most recent executive order, President Biden acknowledged that the United States and many other governments around the world are facing increasing malicious cyberattacks. In order to prevent, and recover from security incidents, the President is pushing to significantly improve the government’s security stack, including the implementation of multi-factor authentication (MFA). In this post, I’ll discuss how the government’s plan to leverage MFA could be even better. Continue reading Why FIDO2 Is the Answer to Better Security→

Why isn’t U2F’s CTAP protocol forwards-compatible with FIDO2’s CTAP protocol?

Posted on April 7, 2021 by natevw

I’ve been trying to find the major differences between "U2F" versus "FIDO2" two-factor authentication standards. Reading some of the articles posted by different companies and even the FIDO site itself give the impressi… Continue reading Why isn’t U2F’s CTAP protocol forwards-compatible with FIDO2’s CTAP protocol?→

Avoiding Replay Attacks while Using FIDO2’s HMAC Secret to Encrypt Data

Posted on March 22, 2021 by 1283822

FIDO2’s HMAC Secret extension generates a symmetric secret that can be used to encrypt and decrypt data. HMAC secret’s output is based on
output1: HMAC-SHA-256(CredRandom, salt1)
Where salt1 is from the platform and CredRandom is generat… Continue reading Avoiding Replay Attacks while Using FIDO2’s HMAC Secret to Encrypt Data→