Finalized FIDO 1.0 Spec Will Rid The World Of Passwords

Toggle sidebar Toggle sidebar
Status
Not open for further replies.
A

Anonymous333

Reputable
Dec 9, 2014
1
0
4,510
How does the second WIFI signal affect the data cap? Meaning I believe Comcast provided a cap on data per month, if you go over this they will want you up to 3 times then charge you extra for the extra data you use. Will this second WIFI signal eat into the customers data cap?
 
J

jrl657

Distinguished
Sep 8, 2006
12
0
18,510
What does a flaw in USB have to do with U2F? USB just carries the data created by the device plugged into it. The Data is a OTP or a short lived key to allow you to login to a site. Similarly bluetooth or NFC can carry the data. The data itself is only valid to the end app to prove you have the device it expects you to have and carries no info about you.
 
S

seabeebrian

Reputable
Dec 9, 2014
3
0
4,510
I've had a Yubico key for about a month now and use it exclusively for authentication with Google. I know it will work with lastpass but I have not yet set it up. So far I am impressed. I would love to see a list of services and websites that support it.
 
S

sathen07

Distinguished
Jan 6, 2011
7
0
18,520
Oh good, so now hackers WILL gain access to my home address, my financial information and now my personal biometric information . . .
 
InvalidError

InvalidError

Titan
Moderator
May 18, 2007
23,815
5,265
108,890
I might use such a device IN ADDITION to passwords for two/tri-factor authentication but not as a replacement since that would make it a potential single-point-of-failure in the whole security chain.

If you still have to remember a PIN, then that sounds like a failure to actually remove passwords since you still need to remember one in the form of a PIN. If the PIN is per-site, then this is about as annoying as passwords and if it is a global PIN, then you are boned if someone who knows your PIN steals your dongle.
 
S

serendipiti

Distinguished
Aug 9, 2010
152
0
18,680
(man in the middle attacks).
Let's suppose you get a phone call from your mother.
The voice is so bad you aren't able to recognize it. How can you assure she is your mother ? just ask her something only she will know. No matter if someone else can listen or talk, only your mother will know the correct answer.
 
ChronosVRdS

ChronosVRdS

Distinguished
Oct 21, 2014
33
1
18,530
U2F device? Hasn't USB been found to have a "fatal flaw"? Yeah that's more secure than passwords.
Click to expand...
And that's what happens when you only read the news highlights, USB has no "Fatal Flaw", yes there is a new attack and yes most of USB devices are vulnerable especially mass storage with upgrade firmware feature, but it doesn't affect every single USB device.
 
InvalidError

InvalidError

Titan
Moderator
May 18, 2007
23,815
5,265
108,890

If you have no endpoint authentication and end-to-end encryption, nothing stops the man-in-the-middle from initiating a call to both you and your mother or proxying your call to your mother, then intercept and modify communications between the two of you on-the-fly. If you ask your "mother" a question, the man-in-the-middle can repeat your question to your mother, pass her answer back and then go on with whatever else they want to say/ask.

Endpoint authentication (usually in the form of certificates combined with asymmetric key cryptography to setup an AES session key) is necessary to make sure your end-to-end encryption is really end-to-end.
 
A

alternativesurfer

Distinguished
Apr 22, 2011
2
0
18,510
Haven't we already determined that biometrics are a poor solution for passwords?
They work great as a username, but terrible as a password because they cannot be changed in the event someone manages to clone your fingerprint/retina scan/etc
 
Status
Not open for further replies.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom