by level3
3306 days ago
The nice thing about the protocol is that the client-side app can actually be replaced. All you need is something that will manage the private key(s) and properly respond to the authentication challenge through the protocol handler. So the average user can stick with the default app, while anyone who wants more security can opt for a vault-based version. This is similar to the current state of affairs with passwords, where users can opt to use password managers. The important thing is that sites make the shift to a challenge-based protocol. Once that's done, there are lots of different ways of implementing the client-side app, all with different trade-offs. For example, you could replace the master password with a fingerprint.