Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 15 submissions in the queue.

FIDO2: The Dream Of Password-Free Authentication On The WWW

posted by Fnord666 on Thursday September 26 2019, @08:59AM   Printer-friendly
from the woof-woof dept.

upstart writes:

Submitted via IRC for SoyCow1337

FIDO2: The Dream Of Password-Free Authentication On The WWW

Of all the things which are annoying about the modern World Wide Web, the need to create and remember countless passwords is on the top of most people’s lists. From dozens of passwords for everything from social media sites to shopping, company, and productivity-related platforms like Github, a large part of our day is spent dealing with passwords.

While one can totally use a password manager to streamline the process, this does not absolve you from having to maintain this list and ensure you never lose access to it, while simultaneously making sure credentials for the password manager are never compromised. The promise of password-less methods of authentication is that of a world where one’s identity is proven without hassle, and cannot ever be stolen, because it relies on biometrics and hardware tokens instead of an easily copied password.

The FIDO2 project promises Web Authentication that means never entering a password into a website again. But like everything, it comes with some strings attached. In this article, we’ll take a look at how FIDO2 plans to work and how that contrasts with the state of security in general.

Original Submission

 
This discussion has been archived. No new comments can be posted.
FIDO2: The Dream Of Password-Free Authentication On The WWW | Log In/Create an Account | Top | 34 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Thursday September 26 2019, @09:10AM (4 children)

    by Anonymous Coward on Thursday September 26 2019, @09:10AM (#899031)

    Passwords work for me.

  • (Score: 0) by Anonymous Coward on Thursday September 26 2019, @12:00PM (3 children)

    by Anonymous Coward on Thursday September 26 2019, @12:00PM (#899056)

    Passwords aren't working for me. :-(

    I don't need them when sshing here and there. Why should I need them anywhere else?

    If you're worried about lizard firmware on authentication devices, there's the SoloKey Hacker for example. Compile and load up your own firmware. Any other open authentication devices out there?

    • (Score: 3, Insightful) by The Mighty Buzzard on Thursday September 26 2019, @05:41PM (2 children)

      by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Thursday September 26 2019, @05:41PM (#899218) Homepage Journal

      If your ssh priv keys aren't passworded, you're too big of an idiot to be allowed access at all.

      --
      My rights don't end where your fear begins.

      • (Score: 1, Insightful) by Anonymous Coward on Thursday September 26 2019, @05:52PM (1 child)

        by Anonymous Coward on Thursday September 26 2019, @05:52PM (#899226)

        that was a little over the top TMB. the poster could have meant they didn't have to enter passwords all the time. says nothing about whether the keys were created with passphrases.