@cy Yeah, I was reading about this in, let's say, chronological order. Which means I learned about U2F first, then went on with FIDO2, got sidetracked and read about passkeys 🙃
So, can I assume from your reply that FIDO2 ND keys work basically the same as U2F? Any relevant differences?
@scy U2F is only usable as a 2nd factor, as you said before. FIDO2 forces "user verification", like at least clicking the key to show you are at the machine physically (as in MFA, "own" the key), whereas U2F works without (there are U2F keys without a button).
Aside from that, the CTAP protocol is different, so the handling of the authenticator on the client machine. AFAIK there is more configuration the server admin can force on the client, like which authenticators are allowed.