Question for everyone cheering adoption of opt-in or even mandatory U2F: is there a guarantee sites can't prevent use of soft U2F?
I wonder about things like banks giving you a physical usb device and requiring you to use its key.
-
-
They could, but it'd break spec and require them to somehow get the private key. Most U2F keys don't release that ever.
-
No, it only requires them to have the public key.
-
Right. Ooops.
-
Problem then is accumulation of tons of physical devices you have to carry, & incompat with devices that can't access hw (like strict vm).
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.