by mtgx
2886 days ago
But U2F is used as a 2nd factor, because you still need the password. Are you saying we should give up both passwords and U2F keys when WebAuthn is mainstream? Would that really provide just as good security, or do you think it's 90% of the way there, so might as well keep it single-factor?

WebAuthn allows (but does not require) a mode where the key is a single factor (i.e. acts as both username and authenticator). You need FIDO2 keys for that and we plan to support it in Chrome. Sites will decide whether that makes sense for them.