|
|
|
|
|
|
by tialaramex
1689 days ago
|
|
|
Also, just because you aren't allowed to plug in "USB dongles" such as flash drives, does not mean FIDO authenticators [the things needed to make WebAuthn or its predecessor U2F work] won't work. A FIDO authenticator is actually a USB HID class device, like a keyboard‡. So, if your $WORKPLACE doesn't allow you to plug in keyboards then, OK, I guess maybe a FIDO dongle isn't worth trying, but few people are in that situation. If your employer has a policy of specifically issuing and authorising only particular devices (e.g. you can pick from a list of 3 Dell branded keyboards and 2 Logitech keyboards and anything else needs HR director override) then seems like it's time for them to authorise and issue a nice high quality FIDO authenticator. Yubico make some eye-wateringly expensive models, maybe they should pick those. ‡ "Like" a keyboard but it isn't a keyboard. The FIDO protocols don't involve keypresses, the device is just HID class because well, it's a Human Interface Device, seems legit. It sets protocol to 0xFF custom, and needs dedicated software to use that, which is fine. |
|
|