agl | 7 years ago

WebAuthn works with both FIDO1 and FIDO2 keys. (Unless you have the new FIDO2 key from Yubico, you have a FIDO1 key.) You might also see them called CTAP1 and CTAP2 keys because CTAP is the bit of FIDO that defines the interface to the hardware tokens. (CTAP: "Client to Authenticator Protocol". See https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-cl...)

FIDO2 keys talk a different protocol and do everything that FIDO1 keys do, and (potentially) more. For example, they may operate in "resident key" mode where the key remembers both your username and private key. They can also support things like PIN activation.

I've only briefly poked the Yubico FIDO2 key. I think it supports a limited form of resident keys and it advertises PIN support, although I didn't exercise that.

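Added example, not part of agl's comment and not Yubico or FIDO Alliance code: a CTAP2 token advertises the features mentioned above (CTAP1/CTAP2 support, resident keys, PIN) in its authenticatorGetInfo reply, which the Python below decodes. The sample bytes are constructed, and `decode` and `capabilities` are names chosen here; map keys 1 and 4 and the `rk`/`clientPin` options follow the CTAP2 specification.

```python
# Constructed sample, not captured from a device: status byte 0x00 (success)
# followed by the CBOR map that an authenticatorGetInfo reply carries.
SAMPLE_GETINFO = (
    b"\x00\xa4"                                           # OK, map of 4 pairs
    + b"\x01\x82\x66U2F_V2\x68FIDO_2_0"                   # 1: versions
    + b"\x03\x50" + bytes(16)                             # 3: aaguid (zeroed)
    + b"\x04\xa3\x62rk\xf5\x62up\xf5\x69clientPin\xf4"    # 4: options
    + b"\x06\x81\x01"                                     # 6: pinProtocols
)

def decode(buf, pos=0):
    """Decode one definite-length CBOR item; return (value, next_pos)."""
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if major == 7 and info in (20, 21):                   # false / true
        return info == 21, pos
    if info < 24:
        arg = info
    elif info <= 27:                                      # 1/2/4/8-byte argument
        size = 1 << (info - 24)
        arg, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    else:
        raise ValueError("reserved or indefinite-length encoding")
    if major == 0:                                        # unsigned integer
        return arg, pos
    if major in (2, 3):                                   # byte / text string
        raw = buf[pos:pos + arg]
        if len(raw) != arg:
            raise ValueError("truncated string")
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major in (4, 5):                                   # array, or map read as 2*arg items
        items = []
        for _ in range(arg * (major - 3)):
            item, pos = decode(buf, pos)
            items.append(item)
        pairs = dict(zip(items[::2], items[1::2]))
        return (items if major == 4 else pairs), pos
    raise ValueError("CBOR major type %d not handled here" % major)

def capabilities(response):
    """Summarise what a getInfo response advertises."""
    if response[0] != 0x00:
        raise ValueError("CTAP2 status 0x%02x" % response[0])
    info, _ = decode(response, 1)
    versions, options = info.get(1, []), info.get(4, {})
    # clientPin absent: no PIN support; False: supported, none set; True: set
    pin = {None: "unsupported", False: "supported, not set", True: "set"}
    return {"ctap1": "U2F_V2" in versions, "ctap2": "FIDO_2_0" in versions,
            "resident_keys": options.get("rk", False),
            "pin": pin[options.get("clientPin")]}
```

A CTAP1-only key does not implement this command at all, so a host that gets no valid getInfo reply treats the token as U2F-only.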