I'm starting to like things that use WebAuthn. I use it with Windows Hello (stores the key in the TPM, access controlled by biometrics) and with GitHub's SoftU2F on Mac, which stores the keys in the keychain and provides an emulated U2F device. In both cases, the credentials are more secure than a password stored in a key manager. The macOS version is less secure, because a root compromise can extract the key, but a compromise of my account can only do online attacks; it can't exfiltrate the key on either version (WebAuthn shares a public keypair and each login just signs something with the private key that can be validated by the public key).
(Score: 3, Interesting) by TheRaven on Monday March 30 2020, @03:43PM
sudo mod me up