HackerTrans
TopNewTrendsCommentsPastAskShowJobs

drhuseynov

no profile record

comments

drhuseynov
·2 ปีที่แล้ว·discuss
yes, that is for "usernameless" login, in addition to passwordless. Does not increase security, improves usability a bit
drhuseynov
·2 ปีที่แล้ว·discuss
Sorry I was not clear. Cards have NFC in any case. What is missing in cards is USB
drhuseynov
·2 ปีที่แล้ว·discuss
JavaCardOS can run in a USB-form factor as well. But that will not be 5USD. https://usasmartcard.com/usb-token/?page=1

In addition to FIDO2, you can add java applet for OpenPGP (also open source), TOTP (https://github.com/JavaCardOS/Oath-Applet) and PIV/smartcard (open source as well). I tell you more - there are tons of JavaCardOS compatible applets available on github etc.
drhuseynov
·2 ปีที่แล้ว·discuss
Not $1, but you can get a JavaCardOS card and upload a FIDO applet yourself

https://github.com/token2/pin_plus_firmware https://github.com/BryanJacobs/FIDO2Applet

Probably will cost 5USD
drhuseynov
·2 ปีที่แล้ว·discuss
There are systems supporting WebAuthn as the primary method, such as Gmail or M365. The systems requiring OTP or SMS as a backup are just examples of bad security design. Still, even if you have OTP as a backup, and FIDO2 as primary - it reduced phishing attack surface to a certain extent
drhuseynov
·2 ปีที่แล้ว·discuss
Factory-programmed ones are for systems supporting secret key import, i.e. Microsoft Entra ID . It is not for replacing your Authenticator apps (although based on the same algorithm, TOTP).
drhuseynov
·2 ปีที่แล้ว·discuss
FIDO2 Security keys should be considered good "hardware tokens" now , more phishing-resistant than TOTP
drhuseynov
·2 ปีที่แล้ว·discuss
Small clarification: SSH functionality is a part of FIDO stack (if you meant ecdsa-sk & ed25519-sk )
drhuseynov
·2 ปีที่แล้ว·discuss
There are fido2.1 keys with 300 resident key storage :

https://www.token2.com/shop/category/pin-release2-series
drhuseynov
·2 ปีที่แล้ว·discuss
In case anyone is looking for a desktop app to replace Authy, the authy-migration tool from token2 supports exporting TOTP seeds in WinAuth compatible format (use .wa.txt for export file name). Then in WinAuth (https://winauth.github.io/winauth/index.html) , just import that file.
drhuseynov
·3 ปีที่แล้ว·discuss
An offtopic - since you mentioned hardware. It is better to invest in phishing-resistant FIDO2 devices and try to avoid OTP wherever possible.
drhuseynov
·3 ปีที่แล้ว·discuss
ssh and pgp keys are not based on the similar functionality.

the keys from Token2 support *-sk key storage

https://www.token2.com/site/page/using-token2-fido2-security...

But not PGP