undefined | Better HN

0 pointsTacticalCoder1y ago0 comments

> We had the perfect 2FA method with U2F hardware tokens, why did they have to take that away?!

It deeply saddens me too.

But I think we shouldn't discard one of the obvious reason: the U2F system was too secure.

Let's not forget this: the original U2F system even had a way for the user to know if its device had been cloned, for they'd be using a counter. And they silently removed this.

When Apple+Google+MSFT team up to lower security, I'm pretty sure three-letters agencies and their backdoors aren't very far.

The whole concept of passkeys that can be copied around is honestly hilarious. FFS: we had the perfect solution...

I don't think it's only incompetence at work here: there has to be mischief or at least mischief shouldn't be discarded.

0 comments

MarkMarine1y ago

Passkeys are a godsend when compared to weak passwords and SMS 2FA. Try to think through how to protect a bank account or retirement account for the average consumer, some banks send you a OTP and have you read it back to prove who you are when you call CS, some think the OTP is sacrosanct and will never be read back.

I 100% agree with you but there has to be something for regular consumers to safely log into a website that may have 10s or 100s of thousands of dollars on the other side of it, and be secure.

j / k navigate · click thread line to collapse