This sounds good and bad at the same time. I love the idea of not passing credentials that can be compromised. On the other hand I’m not sure if I like the idea of not needing to enter credentials to get on websites and apps.
https://9to5google.com/2019/02/25/android-fido2-password-google/
Yubikey Neo offers multiple 2FA types. Check out the web site and youtube videos.
@g-aitc I did see that their 5th gen keys are FIDO2.
It makes sense to me to have a secondary device that you use for authentication. With the phones, the phone is the device. I might be missing something, but having the device that you’re using to access whatever being the authenticator seems a little insecure.
1 Like
Yes you did, FIDO2 is supported. YubiKey 5 Series supports multiple protocols including FIDO2, U2F, PIV, Yubico OTP, and OATH HOTP. for more technical info http://cybersimplenoid.com/ and https://developers.yubico.com/yubico-pam/
If you are considering going passwordlesss with a FIDO2 solution you will find that you will provide a PIN code. Whilst a PIN code may share some aspects of a password, it can be considered more secure as the code is only authenticated locally from the device (external authentication of the PIN code poses similar risks to passwords), and the PIN code is just to allow the FIDO base solution to still count as MFA authentication (and hence allow you to log in without a password).
1 Like