by rb12345
1873 days ago
As said elsewhere, for U2F/WebAuthn, the biggest threat is creating a duplicate of the key rather than third parties using the physical key. The idea is that physical security plus needing to know the account password should be sufficient security for that use case. YubiKeys in smartcard or FIDO2 mode do use PINs or passwords to protect the private key, since in that case the private key+PIN are the two factors.