undefined | Better HN

0 pointschowell6y ago0 comments

I was super surprised to learn AWS will only allow you to register a single FIDO token - the inherent lockout risk pushed me back to using OTP with the seed stored in multiple Yubikeys.

0 comments

blintz6y ago

This is actually against the WebAuthn spec (https://www.w3.org/TR/webauthn-1/#credential-loss-key-mobili...). Hope they fix it soon.

bradstewart6y ago

Yea it's very annoying. I ended up making multiple IAM users--one for each of my security keys.

j / k navigate · click thread line to collapse

0 pointschowell6y ago0 comments

I was super surprised to learn AWS will only allow you to register a single FIDO token - the inherent lockout risk pushed me back to using OTP with the seed stored in multiple Yubikeys.

0 comments

blintz6y ago

This is actually against the WebAuthn spec (https://www.w3.org/TR/webauthn-1/#credential-loss-key-mobili...). Hope they fix it soon.

bradstewart6y ago

Yea it's very annoying. I ended up making multiple IAM users--one for each of my security keys.

j / k navigate · click thread line to collapse