
Okay, but how is that the key's fault? This has literally nothing to do with the authentication method, it doesn't give you access to any other site or anything. It's just a social engineering attack on the service, and it's pretty much the only one left because everything else has been obsoleted by the use of hardware tokens for auth.


Not finding fault. The point of WebAuthn is convenience - but the trade-off is that if CTAP is compromised, it’s convenient for the attacker too.


I don't see how that's different from passwords, though. If your password gets compromised, it's game over as well, and it's much easier to compromise that.



