by mimming
2888 days ago
It’s not as big of a deal as you might expect because:

- The spec requires providers to allow independent addition / removal of multiple keys per account, so it’s easy to manage backup U2F keys.
- Providers can use any backup authentication method they want. This includes SMS codes, TOTP / HOTP apps, email resets, or maybe VCing in to tech support.

And even if the backup method is less awesome (e.g. SMS codes) it still reduces your risk because you use it less often.

[edit for formatting]