Tag: Fido2

Webauthn's userVerification:preferred and its Pitfalls

WebAuthn is a beauty. A relatively easy-to-implement way to give users a secure 2-factor experience (easy enough that I could re-create my WebAuthn Sandbox after losing it in my migration, FUN!). Well, sarcasm aside, there are a few things I don't like about it, and one of them is the default state of the userVerification flag. For anyone who isn't fully familiar with WebAuthn and stuff: more modern FIDO2 devices are generally capable of a feature called userVerification, in ...

Fido Shootout - Too Lazy to Count Edition

I have loved hardware-based security for a fucking eternity, and so I accumulated quite a few different devices (for the rest of this article, "key" generally refers to the cryptographic keys to avoid confusion) over the years, and now I am going to compare them.