~whynothugo/whynothugo.nl#11: 
Article: On 2fa

I've had an article on 2fa pending for months. Trying to consolidate all notes here.

Status
REPORTED
Submitter
~whynothugo
Assigned to
No-one
Submitted
10 months ago
Updated
10 months ago
Labels
No labels applied.

~whynothugo 10 months ago

https://www.yubico.com/blog/a-day-in-the-life-dispelling-the-myths-of-mobile-authentication/

~whynothugo 10 months ago

#Passkeys

A few weeks ago, Apple announced Passkeys, shortly followed by MS, and now Google. Passkeys are a TERRIBLE idea, and it worries me that for-profit companies try trying to portray them as something that's good for consumers when it's quite the opposite.

Passkeys are far less secure than REAL (hardware) 2FA, in most cases add little to no security, are an excellent vector for vendor lock-in, and have enormous risks by handling secure material ONLY on internet connected devices.

In this article, I cover each of these items in full detail.

https://developer.apple.com/passkeys/

https://www.ftsafe.com/Products/FIDO https://www.ftsafe.com/Products/FIDO/Bio

https://www.passkeys.io/

Register here or Log in to comment, or comment via email.