spiridow | 5 years ago

I'm really excited to see more and more people talk about FIDO2. If you're interested in this topic, I gave a talk about it yesterday: https://news.ycombinator.com/item?id=23689606

jjoonathan|5 years ago

Here's a browser compatibility matrix (I know, OP is about SSH).

FIDO2/U2F Just Works in:

    Chrome on Windows
    Firefox on Windows
    Chrome on Mac
    Firefox on Mac
    Chrome in Ubuntu 20
    Firefox in Ubuntu 20

Wall of shame (FIDO2/U2F does not Just Work in):

    Safari

EDIT: it does work out-of-the-box in Ubuntu 20, my bad.

tialaramex|5 years ago

In a browser what you want is WebAuthn; U2F is an older, never technically standardized hack and should not be used for new implementations.

New web sites should do WebAuthn to enable this functionality; here's a guide someone else wrote that I found helpful in talking about the moving parts to actually implement this: https://webauthn.guide/

Firefox's WebAuthn implementation isn't as complete as it would ideally be, but it does have a nice feature of asking the user whether to give out the somewhat privacy-infringing "attestation" from a FIDO2 device when it is requested by a web site. IMNSHO ordinary web sites, especially where a second factor isn't even mandatory, should not be asking for attestation and I always refuse.
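
What a registration request that does not ask for attestation looks like in WebAuthn, with a check for options that do ask. This is an added example, not part of the comment above and not code from any site mentioned in the thread; the function names and the values passed to them are constructed for illustration.

```javascript
// Added example; function names here are hypothetical, not from any library.
// AttestationConveyancePreference values that ask the authenticator to
// disclose make/model information to the site.
const IDENTIFYING = new Set(["indirect", "direct", "enterprise"]);

// Build the publicKey options a site passes to navigator.credentials.create().
// `challenge` must be fresh random bytes generated server-side per ceremony.
function buildRegistrationOptions({ rpId, rpName, user, challenge }) {
  if (!(challenge instanceof Uint8Array) || challenge.length < 16) {
    throw new Error("challenge must be at least 16 random bytes");
  }
  return {
    rp: { id: rpId, name: rpName },
    user: { id: user.id, name: user.name, displayName: user.displayName },
    challenge,
    pubKeyCredParams: [
      { type: "public-key", alg: -7 },   // ES256
      { type: "public-key", alg: -257 }, // RS256
    ],
    attestation: "none", // do not request an attestation statement
    authenticatorSelection: { userVerification: "preferred" },
    timeout: 60000,
  };
}

// Review a set of registration options and report whether they would
// trigger an attestation request (and the Firefox prompt described above).
function auditAttestation(options) {
  // The WebAuthn default when the member is absent is "none".
  const preference =
    options.attestation === undefined ? "none" : options.attestation;
  if (preference === "none") {
    return { preference, requestsAttestation: false, finding: null };
  }
  if (IDENTIFYING.has(preference)) {
    return {
      preference,
      requestsAttestation: true,
      finding: `attestation "${preference}" asks for authenticator identity`,
    };
  }
  return {
    preference,
    requestsAttestation: false,
    finding: `unrecognized attestation value "${preference}"`,
  };
}
```
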

StavrosK|5 years ago

"Passwordless" mode unfortunately doesn't work for me in Firefox. I implemented it on https://www.pastery.net/ but I'm not sure if I did something wrong. Chrome works fine, though.

xenophonf|5 years ago

I haven't had any problems using my Yubikey in U2F or PIV modes on Ubuntu 20.04.

microcolonel|5 years ago

Just Works in Chromium and Brave on Arch Linux.

StavrosK|5 years ago

That's very useful, thank you! I've been looking for something that goes into a bit more detail, so your talk is timely.