undefined | Better HN

0 pointsmiend9y ago0 comments

I use this combo whenever possible, though the number of services yet supporting FIDO/U2F is still a bit disappointing. It's been incredibly convenient to be able to use my bitcoin hardware wallets to double as U2F keys wherever I need them. Given that any device I would use an OTP or text 2FA solution with already requires time to unlock, it's far less convenient on top of being more exploitable.

0 comments

stinkytaco9y ago

Are you using the ledger as a wallet? Doesn't plugging the device into an untrusted PC worry you at all? Leaving all that aside, the biggest issue for me an u2f is the mobile problem I have a yubikey neo, but u2f does not work over nfc, so I'm still stuck creating application passwords for things.

DennisP9y ago

The Ledger is designed to plug into an untrusted PC, that's the whole point. It's running secure hardware and never reveals the private key. It also has a display that tells you how much you're sending and to what address, so you're protected even if you have spyware that attempts to spoof those parameters.

According to Yubikey, "All YubiKey NEO devices manufactured as of February 10, 2015 supported the current FIDO U2F specification for NFC."

https://www.yubico.com/products/yubikey-hardware/yubikey-neo...

Maybe you have an older device? Or, if you have an iPhone, it's Apple that's the problem, since it restricts NFC to Apple's own payment system. With Android, NFC is available to any app.

stinkytaco9y ago

You're correct, but the implementation is limited. Chrome supports it, I think via Google Authenticator, but even their Gmail app doesn't support it directly. Nor does Dropbox, which are my primary two use cases. I highly doubt most other apps do either. The Google Authenticator support is a step, but it really needs to move to "enter password, tap token" in any app to really be useful.

j / k navigate · click thread line to collapse

0 pointsmiend9y ago0 comments

0 comments

stinkytaco9y ago

DennisP9y ago

According to Yubikey, "All YubiKey NEO devices manufactured as of February 10, 2015 supported the current FIDO U2F specification for NFC."

https://www.yubico.com/products/yubikey-hardware/yubikey-neo...

Maybe you have an older device? Or, if you have an iPhone, it's Apple that's the problem, since it restricts NFC to Apple's own payment system. With Android, NFC is available to any app.

stinkytaco9y ago

j / k navigate · click thread line to collapse