undefined | Better HN

0 pointsmasterofmisc5y ago0 comments

I don't know about the US but Barclays in the UK has had multi-factor authentication for years now. Is that not the case in the US?

0 comments

fmajid5y ago

If it is TOTP/HOTP based rather than U2F (6-digit codes), it is vulnerable to real-time spoofing.

btbuilder5y ago

Barclays PinSentry uses CAP:

https://en.wikipedia.org/wiki/Chip_Authentication_Program

sneak5y ago

U2F is a specific type of 2FA/MFA.

They are not congruent.

tialaramex5y ago

U2F is (as its full name "Universal Second Factor" would suggest) specifically only a second factor, it doesn't make sense as your first or only factor.

WebAuthn can replace the entire authentication, because it can perform multi-factor authentication locally and then send a claim to have done so, optionally backed by attestation from a vendor saying they promise the multi-factor authentication is done by their product. For example an iPhone can have one press sign-in to web sites or apps using this technology.

j / k navigate · click thread line to collapse