Hacker News
by damnyou 1954 days ago
The moment you lose your key, WebAuthn becomes terrible and the UX is atrocious. You may literally have to go to an office (in the middle of a pandemic!) to restore access to your account.

This is bananas. We absolutely should not be recommending them to normal people until security researchers come to their senses and fix this problem.

1 comments

Nonono. We absolutely should recommend having at least 2. See also: car keys, house keys, any other physical lock you can get comes with at least 2 keys.

The default product sold should be a two key bundle.

With your house keys you can walk into any hardware store and get as many duplicates as you like. With a U2F key that is prohibited.

U2F desperately needs a layer of indirection that doesn't currently exist.