Hacker News
by qudat 1576 days ago
> Much simpler than webauthn.

Having recently had to upgrade from u2f to webauthn, the complexity involved in getting webauthn right cannot be understated, especially when comparing it to something like OTP.

This flow seems simpler but more annoying for the end-user, right? They would have to generate the signed message themselves and then paste it into the browser. Whereas with webauthn you just touch your security key.

1 comment

This flow is also insecure.

Ideally, we make WebAuthn easier to use (via libraries, identity providers, etc), rather than, you know, replacing it with something less secure than passwords.

Just sayin’. ;)