Email or username:

Password:

Forgot your password?
Top-level
Chris

@scy NVM should have gone further down your thread 🙂

4 comments
scy

@cy Yeah, I was reading about this in, let's say, chronological order. Which means I learned about U2F first, then went on with FIDO2, got sidetracked and read about passkeys 🙃

So, can I assume from your reply that FIDO2 ND keys work basically the same like U2F? Any relevant differences?

Chris

@scy u2f is only usable as 2nd factor, as you said before. Fido2 forces "user verification", like at least clicking the key to show you are at the machine physically (as in MFA, "own" the key), whereas u2f works without (there are u2f keys without button).
aside of that the ctap protocol is different, so the handling of the authenticator on the client machine. Afaik there is more configuration the server admin can force on the client, like which authenticators are allowed.

Chris

@scy if you only use passkey as second factor, you should be fine with an old u2f device
(While still being phishing proof, in comparison to all the totp and notification apps).

Go Up