Android leading the way to mobile, password-less logins

This was an interesting read on Wired. FIDO2 support on a huge platform like Android will hopefully get Apple off it’s butt for iOS support of this standard. I hope it also pushes a lot more websites to support U2F. It would go a long way to making the web a much safer place.

I have a YubiKey which is a fantastic security tool when used with websites that support U2F. Unfortunately Chrome is the only browser that fully supports it out of the box. Firefox 57+ also supports U2F but it is not turned on by default. Most unfortunate is the lack of websites that support U2F. TOTP is security theater. It’s much better than SMS-based codes but not by much as it’s still very easy to spoof someone into giving up the right code. You’re still better off just using strong passwords.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: