|
|
|
|
|
|
by tialaramex
2134 days ago
|
|
|
> Don’t forget to set a password also for the YubiKey Authenticator app. Otherwise I believe anyone who has your key would see the websites with which you have Fido U2F and use it. From what I can see YubiKey Authenticator is a TOTP authenticator. So that's completely orthogonal to U2F (and less safe, although more familiar to users who have things like Google Authenticator) With U2F non-resident credentials don't leave any trace. If somebody has stolen a working authenticator they'd need to guess sites at which its non-resident credentials would be valid and then try it. |
|
|