undefined | Better HN

0 pointstadfisher10y ago0 comments

> Ideally, a standard such as FIDO U2F gains ground, so users can safely and conveniently reuse a single hardware token for any service supporting that standard. Who knows, perhaps having your 'internet key' on you can become as commonly accepted as having your house keys on you.

Unfortunately, most FIDO U2F services allow SMS as a fallback authentication method, including Google and Github. At least Github has some strong warnings about it.

0 comments

1 comments · 1 top-level

Freak_NL10y ago

That is to be expected at this time though, and for a service like Github letting the user choose their level of authentication strength is fine — you are mostly responsible for what data you store there yourself. In the mean time it will help the adoption of this standard to at least have the option available.

If a service is actually guarding private data by definition (like a bank or an insurance agency) than phasing out SMS in favour of FIDO U2F or another true hardware factor is a much more likely scenario.

j / k navigate · click thread line to collapse