We're getting closer. Webauthn should be supported in all major browsers soon: https://caniuse.com/#search=webauthn A major usability issue is going to be designing the system so you can't...
We're getting closer. Webauthn should be supported in all major browsers soon:
A major usability issue is going to be designing the system so you can't (easily) lock yourself out. Though, for larger businesses the IT staff can handle it.
Holy fuck. This is the first time I'm hearing about something WebAuthn. It sounds like an amazing technology, beyond what my small mind could come up with in terms of secure logins. I think I see...
Holy fuck. This is the first time I'm hearing about something WebAuthn. It sounds like an amazing technology, beyond what my small mind could come up with in terms of secure logins.
A major usability issue is going to be designing the system so you can't (easily) lock yourself out.
I think I see what you mean (suppose you lose your WebAuthn USB key), but I'd like you to elaborate on what cases you foresee.
For example, Yubikey is a popular vendor for USB keys and I bought them for myself and family. An Android phone can itself be used as a key. I previously used Google Authenticator and managed to...
For example, Yubikey is a popular vendor for USB keys and I bought them for myself and family. An Android phone can itself be used as a key.
I previously used Google Authenticator and managed to lock myself out of Coinbase when I registered the Yubikey due to confusing UI. (For Google, adding a new second factor is in addition to the ones you already have, and this isn't necessarily true on other websites.) I was able to get back in through support by sending a copy of my driver's license.
No matter what device you use, whether it's a phone or something else, you need a plan in case you lose it or it breaks. This could be as simple as printing backup codes and storing them in a strong box, but this assumes you have a safe place to put stuff like that and remember where it is.
Also Yubikeys cost $20-30 each and it's a tough sell for people not familiar with them.
My favorite solution to this problem is a really elegant protocol called SQRL. Unfortunately it's the invention of one guy, not a company, and slick marketing isn't exactly his specialty. His...
My favorite solution to this problem is a really elegant protocol called SQRL. Unfortunately it's the invention of one guy, not a company, and slick marketing isn't exactly his specialty. His website looks like it was designed in 2001 and is full of comprehensive technical notes that laypeople would run screaming from. Though it's an open protocol, the only "official" client currently in existence is the Windows binary he coded himself. For these reasons I'm not confident we'll ever see mass adoption of it.
If Gibson could just get some mover-and-shaker tech companies onboard to design some pretty UIs, and some young attractive "influencers" showing how easy it is to use, I think a lot of people would get behind it. Sadly, the best technology often loses out to the most stylish.
Or, you know, someone with an actual experience in cryptography who also happens to be able to put words together in a pretty fashion. Someone like Chris Coyier comes to mind. (Not that I'm aware...
and some young attractive "influencers" showing how easy it is to use
Or, you know, someone with an actual experience in cryptography who also happens to be able to put words together in a pretty fashion.
Someone like Chris Coyier comes to mind. (Not that I'm aware of his cryptography credentials.)
If my study of silicon valley success stories has taught me anything, it's that this is a ripe opportunity to steal and profit off someone else's talent and hard work.
If my study of silicon valley success stories has taught me anything, it's that this is a ripe opportunity to steal and profit off someone else's talent and hard work.
We're getting closer. Webauthn should be supported in all major browsers soon:
https://caniuse.com/#search=webauthn
A major usability issue is going to be designing the system so you can't (easily) lock yourself out. Though, for larger businesses the IT staff can handle it.
Holy fuck. This is the first time I'm hearing about something WebAuthn. It sounds like an amazing technology, beyond what my small mind could come up with in terms of secure logins.
I think I see what you mean (suppose you lose your WebAuthn USB key), but I'd like you to elaborate on what cases you foresee.
For example, Yubikey is a popular vendor for USB keys and I bought them for myself and family. An Android phone can itself be used as a key.
I previously used Google Authenticator and managed to lock myself out of Coinbase when I registered the Yubikey due to confusing UI. (For Google, adding a new second factor is in addition to the ones you already have, and this isn't necessarily true on other websites.) I was able to get back in through support by sending a copy of my driver's license.
No matter what device you use, whether it's a phone or something else, you need a plan in case you lose it or it breaks. This could be as simple as printing backup codes and storing them in a strong box, but this assumes you have a safe place to put stuff like that and remember where it is.
Also Yubikeys cost $20-30 each and it's a tough sell for people not familiar with them.
My favorite solution to this problem is a really elegant protocol called SQRL. Unfortunately it's the invention of one guy, not a company, and slick marketing isn't exactly his specialty. His website looks like it was designed in 2001 and is full of comprehensive technical notes that laypeople would run screaming from. Though it's an open protocol, the only "official" client currently in existence is the Windows binary he coded himself. For these reasons I'm not confident we'll ever see mass adoption of it.
If Gibson could just get some mover-and-shaker tech companies onboard to design some pretty UIs, and some young attractive "influencers" showing how easy it is to use, I think a lot of people would get behind it. Sadly, the best technology often loses out to the most stylish.
Or, you know, someone with an actual experience in cryptography who also happens to be able to put words together in a pretty fashion.
Someone like Chris Coyier comes to mind. (Not that I'm aware of his cryptography credentials.)
If my study of silicon valley success stories has taught me anything, it's that this is a ripe opportunity to steal and profit off someone else's talent and hard work.