Yubikeys are a simple, robust USB form factor. Developed by people deeply involved in the FOSS and security communities.FOSS-friendly, entire software stack is open source and included in Debian (all enduser tools are also available on Mac OS X).Yubikey, as produced by Yubico is the most sensible hardware option: Hardware choice for an authentication token: The hardware design of the authentication tokens ensures that keys cannot be extracted, so in case of a compromised notebook the attacker does not have access to the second factor. If somone compromises a notebook of a user with cluster access, the attacker can steal the SSH key/passphrase and access the cluster. The important security property to gain is protection against compromised notebooks endpoint security is one of the biggest risks for the WMF cluster (especially on Mac OS X). The update also brings support for external authenticators, where applicable.Summarising some bits already mentioned at the offsite along with further tests done and a plan how to move forward (see below). This means that many many devices fingerprint sensors can soon be used for Webauthn authentication. Google with the FIDO alliance recently announced that Android upwards from 7.0 will become 'FIDO Certified' through a Play Services update. It also seems that Touch ID and Face ID can be used with Webauthn on Apple devices. As the market develops, the higher assurance provided by webauthn can be utilised in more depth. The obvious way to implement webauthn in Discord would be by allowing users to add their tokens as a second authentication factor.Ĭurrently there are only a few FIDO2 authenticators on the market, including the Yubico Security Key and the Yubikey 5 Series. Please add support for FIDO2 authenticators for use with two factor authentication. The new FIDO2 standard alongside other hardware backed authenticators are replacing the old FIDO U2F that only had bindings in Google Chrome, promising great interoperability. Webauthn is soon here, and with it comes a passwordless future.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |