
Yubikey-style is dead in the water since you can't back them up or exfiltrate the key. It will never appeal to more than a handful of users willing to jump through those hoops.

Just needing to have every hardware key on hand to register with each new service is so bad I thought I was misunderstanding the UI. I never used them again.

The hoops might be worth it for a critical service that holds your $millions. But hardware keys are never going to compete on the 99% of services that people use, from the trivia app on their phone to Uber.




I think we will see most client devices natively implement something like WebAuthn with their onboard TPMs. Enrolling new devices for a service would then be a matter of approving the attempt from an already-enrolled device, iCloud style.


https://krypt.co/ does something like this now by leveraging your mobile device as a security token for desktop logins.


yubikey-style. I think it's about the concept, not a specific implementation.

It's orders of magnitude more secure to have a device that holds a key rather than depending on (a) website to support a particular authentication platform and (b) me having credentials for said platform.

I agree, not having direct unfettered access to the keys is a flaw in current implementations. Also I don't see the steps a person needs to go through or GUI intuitiveness as things that will prevent this kind of technology from becoming ubiquitous. I'm confident adoption will reach terminal velocity. Just not sure when it'll happen. I think it won't have a chance, though, until all the right standards are in place.



