Collaborate Disseminate
I’ve implemented second factor authentication for my web app via FIDO U2F, and am testing using a Yubikey.
I have read that it is best practice to associate multiple hardware keys in case one is lost, but I wanted to know what the security… Continue reading How to best support multiple hardware keys (yubikeys, etc.) as a web app?
After generating an OpenSSH EC key on a hardware security key:
$ ssh-keygen -t ed25519-sk -C comment
Is it possible to use this key with Google Chrome SSH applet or Mosh, in particular on non-Linux machines where there is no ssh command a… Continue reading Is it possible to use an ed25519 security key with Google Chrome SSH applets?
If I have a security key (U2F key) like yubikey and use it on websites A and B and the owner of these two websites is the same, can the website owner know that I am the same user?
Continue reading Is a USB security key trackable among websites?
U2F devices store an internal counter to resolve a challenge and the counter value is sent back to the server (source).
I think the counters on the server and on the client must go out of sync from time to time, the internet connection jus… Continue reading How do u2f devices manage to not go out of sync?
My google-foo failed me as most "how it works" sections related to fido are very… let’s say… consumer-oriented.
So openssh supports U2F natively when using the appropriate elliptic-curve-based cipher (namely ed25519-sk and th… Continue reading How does ed25519-sk actually works?
I’ve been trying to understand U2F and still don’t see why it’s more secure than ordinary OTP in some instances.
For example if I log into a website with a password and an OTP generated by Google Authenticator (for example) on my phone. Ho… Continue reading How exactly is U2F more secure than OTP?
I’ve been trying to understand U2F and still don’t see why it’s more secure than ordinary OTP in some instances.
For example if I log into a website with a password and an OTP generated by Google Authenticator (for example) on my phone. Ho… Continue reading How exactly is U2F more secure than OTP?
I’ve been trying to find the major differences between "U2F" versus "FIDO2" two-factor authentication standards. Reading some of the articles posted by different companies and even the FIDO site itself give the impressi… Continue reading Why isn’t U2F’s CTAP protocol forwards-compatible with FIDO2’s CTAP protocol?
I have a Yubikey 5, I can store a PGP key inside, it has OTP abilities, FIDO, NFC, etc… Which is great for a device like this.
First of all, I understand how a smart card is more secured than an app/sms based OTP for instance, but seeing… Continue reading Why would a U2F key be more secured than an OTP device?
I’ve been trying to find the major differences between "U2F" versus "FIDO2" two-factor authentication standards. Reading some of the articles posted by different companies and even the FIDO site itself give the impressi… Continue reading If FIDO2 just adds WebAuthn to CTAP why are only some keys compatible? [closed]