But it’s definitely 2FA and it successfully protects against the attack vectors that adding a “something you have” factor is designed to protect against. You can argue my TOTP shared secret may or may not be secure enough from malware. If I install a TOTP generator on a machine and set up 2FA on a 3rd-party service, and I then later log in with a password and a 6-digit TOTP code, that is definitely 2FA. They are designing for a corner case which makes the primary case too complicated. It’s entirely unnecessary since both devices are already online. I don’t want to have to establish NFC or Bluetooth from my iPhone to my desktop to enable me to use my iPhone to authenticate on my desktop. If I’m adding a “something I have” factor to my authentication flow (or even making it the only factor) it’s going to be the phone hardware itself, not an extra dongle thing I have to carry around. FIDO’s upcoming CTAP unfortunately is going about it the wrong way, IMO. The days are numbered for this whole idea of a separate piece of hardware USB/NFC to do authentication. I trust the secure element on the iPhone a lot more than I trust the hardware on the YubiKey. Sorry, it makes absolutely no sense at all. Using a hardware token to authenticate to an app on an iPhone makes about as much sense as. If I’m authenticating with “something I have” then why not use the iPhone itself which also happens to add a layer of “something I am” (FaceID) as well as easily supporting entry of something I know (PIN or password).