Hacker News new | past | comments | ask | show | jobs | submit login

> After years of tantalizing hints that a passwordless future is just around the corner, you're probably still not feeling any closer to that digital unshackling.

"Unshackling" is an interesting choice of word to use in support of a system which forces you to carry around a device, perhaps physically attached to your wrist, which sites can identify the make and model of using a DRM-like system to ensure you have bought it from an approved whitelisted vendor.[0]

> The main concept that FIDO believes will ultimately solve the new device issue is for operating systems to implement a “FIDO credential” manager, which is somewhat similar to a built-in password manager. Instead of literally storing passwords, this mechanism will store cryptographic keys that can sync between devices and are guarded by your device’s biometric or passcode lock.

So instead of supporting half a dozen whitelisted vendors, the new idea is to become dependent on just three large US-based operating system vendors (Microsoft, Apple, and Google), who will lock up all your keys and make it awkward to switch to a competitor. However, they won't be able to help you at all unless you let them scan your forehead or your right hand, and keep an encrypted record of those digital biometrics. Just make sure you check what the Terms of Service updates say, and read the National Security Letters that those companies are sent.

[0] https://research.kudelskisecurity.com/2020/02/12/fido2-deep-...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: