HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Snc

no profile record

comments

Snc
·4 lata temu·discuss
If you're on OpenBSD then you're likely a person that skews more towards security on a security/usability spectrum than the average person. May I ask why you'd prefer passwords or magic links over WebAuthn with something like a Yubikey that's permanently attached to your Thinkpad?
Snc
·4 lata temu·discuss
FIDO traded off convenience for security, and is incrementally building back usability features to what will hopefully be a more secure world. In particular, I'd be rather concerned about using passwords in most of the scenarios you describe where the OS is adversarial.

The FIDO Alliance made an announcement last week where major vendors commit to expanding support for multi-device FIDO credentials ("Passkeys") and using a phone as a roaming authenticator (This is admittedly another device). Both of which significantly mitigate your concerns without any security tradeoffs. See https://fidoalliance.org/apple-google-and-microsoft-commit-t...
Snc
·4 lata temu·discuss
Note that these terms are not strictly comparable. USB-C is just a connector specification. There are many protocols that utilize USB-C: USB 3.2, USB4 and Thunderbolt being some of them.
Snc
·4 lata temu·discuss
While roaming authenticators are indeed separate devices, platform authenticators aren't; they're built into your existing device. If you're using a MacBook, you already have a Secure Enclave which you access through TouchID.
Snc
·4 lata temu·discuss
WebAuthn does not pass any biometrics to relying parties. Rather CTAP, which stands for Client to Authenticator Protocol, is responsible for brokering credentials* between your authenticator (TouchID, Yubikey, your phone in the near future) and the client (in the case of WebAuthn and TFA this would be the browser).

In most of cases, typically not even the operating system sees your biometrics; only the firmware in your authenticator does.

* These are 256 bit keys for ECDSA/EdDSA or (rarely) >2048 bit keys for RSASSA. Not biometrics.