by Ajedi32
3026 days ago
Part of the problem is that, assuming you didn't know much about how U2F works, it seems pretty natural for a site to request access to your YubiKey in order to use it to authenticate you. While it's obviously not a total solution, I do think that maybe the permissions prompt should be a bit more scary: https://developers.google.com/web/updates/images/2016-03-02-... I'd rephrase that to something more along the lines of "example.com wants full control of". Maybe with an option for device manufacturers to opt in to support for WebUSB, allowing for protocol enhancements to improve security and a less scary permissions prompt.