Collaborate Disseminate
The description for the FineTech FPS00200 USB fingerprint sensor mentions that it does support Windows Hello specifically, but it does not mention FIDO2 more generally. But then FWIK Windows Hello implements FIDO2 (WebAuthn) and more.
So c… Continue reading Can a USB fingerprint sensor support Windows Hello but not FIDO2
The description for the FineTech FPS00200 USB fingerprint sensor mentions that it does support Windows Hello specifically, but it does not mention FIDO2 more generally. But then FWIK Windows Hello implements FIDO2 (WebAuthn) and more.
So c… Continue reading Can a USB fingerprint sensor support Windows Hello but not FIDO2
Is PSD2’s Strong Customer Authentication requirement possible to satisfy with secure 2FA solutions, such as TOTP and WebAuthn?
For the purposes of this question, I’m classifying all systems where an OTP has to be transmitted as "insec… Continue reading Is 3DS compatible with secure 2FA technologies? (TOTP, WebAuthn)
Why does FIDO2’s spec not mention FIDO UAF as a related standard? I wonder if FIDO UAF is still relevant. Will FIDO UAF be deprecated eventually in favor of FIDO2? Why do they co-exist if they fulfil the same purpose?
What I already know:
… Continue reading Why does FIDO2’s spec not mention FIDO UAF as a related standard? [duplicate]
I’m experimenting with adding passkeys to Drupal.
I’m using webauthn-lib 4.7.
When registering a passkey, the device generates a Public Key Credential, which is then sent to the server as stringified JSON:
{
"publicKeyCredentialId&q… Continue reading Webauthn: Access control for the public key credential uploaded by the user’s device
So, before this year, when you were using WebAuthN to create security keys on an up to date Android phone (Pixel 6 in my case), you had these options (iirc):
When creating a platform authenticator, you were offered Fingerprint/Passcode. Wh… Continue reading Did Android remove Fingerprint/Passcode for WebAuthN and lower security to push Passkeys?
Passkeys seems great for me as an individual, instead of passwords and TOTP tokens I can now slowly ditch the passwords and the somewhat annoying (but important!) TOTP tokens which I have locked in my phone.
I have read that passkeys will … Continue reading Are passkeys a secure replacement for 2FA?
What alternatives for authentication and authorization technologies besides OAuth, SAML, OpenID Connect, and WebAuthn can be used for cloud apps?
I am currently writing my thesis and would like to look into the future and see if there are … Continue reading alternatives for OAuth, SAML, OpenID Connect, and WebAuthn [closed]
User verification in WebAuthn can either be required, preferred, or discouraged. The last two are a hint to the authenticator that may be ignored. I see how they could be used to prevent client-side user verification if the server has alre… Continue reading What is the point of required user verification in WebAuthn?
We’re wanting to support out-of-the-box digital currency wallets for user’s of our web app.
We have passkeys / webauthn working and would ideally like to associate these credentials with wallet access.
Wallets should be self custodial with… Continue reading Passkeys WebAuthN PRF extension to encrypt/decrypt private key of non-custodial wallet