What's your recomm for a site building password-less support? Using resident keys (i.e. username-less), or non-resident asking the user for username? Issue with resident is storage. You can store 25 keys on a yubikey/50 on a solokey.
-
-
-
Username + non-user-verifying security key is only single factor auth, which isn't great. (Although is safe from phishing.) Also, disclosing credential IDs w/o passwords allows harvesting and then identification of tokens given momentary physical possession.
- Još 2 druga odgovora
Novi razgovor -
-
-
I'm just wondering how to effectively deal with revocation if you have a lot of resident keys linked to a security key, and you're worried somebody might successfully copy your biometrics or whatever (not that unreasonable).
-
The regular-user recovery case for a lost security key (which loosing security key + copying biometrics is a subset of) isn't great at the moment. Things are a lot more reasonable in an enterprise environment where there's high-touch help available.
- Još 2 druga odgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.