![]() ![]() With WebAuthn, the browser is an active participant of the authentication ceremony, and embeds the website's identity in the authentication challenge to be signed by the YubiKey. Even with 2FA codes from an authenticator app, an attacker has to trick only the human into entering the codes into a malicious website. You can use a YubiKey without using WebAuthn, but you cannot use an authenticator app with WebAuthn. WebAuthn (aka "security key") is much more secure than any other protocol today. I want to highlight an important distinction: not all 2FA is equal. ![]() if it was lost or stolen, nobody knows what accounts it is good for, unless someone specifically stole it from you, intentionally)
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |