How do you feel about U2F keys?
>>55614597
Too cumbersome to use imo.
Why isn't there a small device like the battle.net authenticator that can generate TOTPs for services like Google or Paypal?
>>55614725
How are they too cumbersome to use?
I'd rather have a tiny little usb device on my keychain then some stupid block with a lcd display.
Have otp, dont care lol
>>55614762
because they dont work with phones. so you have to use the key with pcs and an annoying authenticator app with mobile
>>55614725
Because they can do easier 2-factor authentication simply by texting your phone, they don't need to develop any hardware, and the burden of security is mostly on the phone's OS, assuming the app isn't coded by complete retards.
>>55614762
Having some of these Fido U2F keys are less cumbersome than having a draw full of RSA code keys. Working in the finance industry you get used to have about 5-6 of them.
>Pic related
>>55614795
Actually there are some that work with NFC.
>>55614802
The hardware kind of already exists with SecurID and the like. Those are just aimed at businesses.
Not using your phone makes it more secure because there are several more ways to compromise a phone than a hardware authenticator.
Wouldn't it be possible to generate a keypair, give the public key to all the services you want to login to and then use some kind of timestamp as the challenge to login.
>>55614858
Also its relatively easy for someone to defraud you by tricking your service provider into creating a sim with your number with basic social engineering.
>>55614806
RSA sends all their encryption to keys to the NSA.
>>55614597
I own one, wish I would have bought the more expensive NEO. It doe NFC unlocks for your cell phone, and One time passwords, and username and passwords.
The U2F literally only does 2FA
>>55614990
That's the company's problem kek
>>55614597
>blue
they sucks
>>55615013
Do you prefer it over whatever method you used before?
>>55614905
wouldn't you still get the 2fa texts that someone else generated tho?
>>55615925
Your SIM would probably be disabled when the new one was created
>>55614597
I use a regular Yubikey but a U2F key really offers me no tangible advantage since I already use a password manager.
>>55615970
so you'd know pretty much right away that someone had stolen your phone number? sim cloning used to be a thing.
>>55614597
So its a google chrome only solution with limited use to specific services like google mail? Sounds like it fits a very specific niche.
Now if you were to be able to, say.. generate a number using a fingerprint or your eyes, and use that as part of the two part authentication, that would be kewl.
