A Tour of WebAuthn


This book was distributed at the FIDO Authenticate conference in 2024. Its intended format was as a PDF, which you can find here.

Cloning a security key is supposed to be very difficult but, if you assume someone managed to do it (probably destroying it in the process), then one could create a working replica which could be slipped back into the possession of the legitimate user, leaving them unaware that anything has happened.

Authenticating employees with just a password in this day and age is bordering on negligence and, unlike code-based second factors (whether delivered over SMS or from an app on a phone), security keys aren’t phishable.

The security key is always free to decide that it doesn’t want to return enterprise attestation for any request, and the feature is disabled by default and must be explicitly enabled with an authenticatorConfig command after purchase, and after each reset (see here).

Tags: Tour, WebAuthn, adam langley
