by taftster
2889 days ago
Here's the thing. I don't want a device with a USB interface. Some environments are so locked down, the ability to plug in a USB device is completely unfeasible. Similarly, cell phones are not a good option in these restricted environments (one-time password apps or text messages would not work). It's these types of environments where security is the most restricted that we need better two-factor options. RSA SecurID tokens are a reasonable solution for local logins, but can't be used to authenticate with external resources like Google. I want to access Google, AWS (and friends) without a network (phone) or plugged (USB) device. Let me register a SecurID token or something similar with them. We need to be able to bring our own devices.
https://www.amazon.com/Feitian-MultiPass-FIDO-Security-Key/d...
SecurID is a TOTP device last time I checked, which is phishable and significantly less secure than U2F devices. The sooner TOTP is phased out the better.
If BLE and NFC are unacceptable, well, I guess you are stuck trying to use TPMs in some way to do U2F. Some phones already support something like that and I assume newer desktops and laptops will be capable of doing that some day.