Password-less: Your Thoughts

kC77

Level 5
Verified
Well-known
Aug 16, 2021
232
They can steal your fingerprint and your face but they cannot steal your thoughts. So, password is still the best.
100% agree, but the yubi bio makes a really secure and easy/quick secure 2fa method, never a replacement for a password.
(something you know stored in your brain, and 2 things you must have (physical key & physical fingerprint))
 

Orchid

Level 1
Thread author
Jan 27, 2023
44
I'm not a Netflix account holder to know what account security they offer.

@Ink, As I mentioned in my previous post, I researched what adding phone numbers would do to a Netflix account. Adding a phone number to a Netflix account is only used for password recovery. There is no multi-factor authentication for Netflix, but that could change if Netflix wants to stop password sharing.

The links above are for developers that wish to implement Yubico technology on their websites or in their applications.

Your interpretation of the documentation is incorrect. The Yubikey validation server for OTP is implemented on the web services server - for those that want to implement Yubikey as a 2FA method on their website.

The Yubikey you buy from Yubico is not sending anything to Yubico. A Yubikey stores no data, needs no network connection, and does not run on software.

The only contact ever necessary with Yubico is to register and activate the Yubikey remotely, which saves no user information.

@Oerlink, Thank you for correcting me on this. I am not very knowledgeable about YubiKeys, so I probably should do more research on this.

You can always change your password, if something happens, but you can not change your face nor fingerprint, they could even get damaged, not to mention you can simulate any face or a voice and a fingerprint can be stolen from a video or a photo! A few months ago MS had a big outage, people could not use passwordless login for hours, MS's suggestion was to use a password. :ROFLMAO:

I wasn't even thinking how Biometric Authentication can't function if there was an outage on its servers, but you are right. I was going more towards having the biometrics data stolen from a hacker. I read somewhere that if any biometric data gets stolen, a hacker can't use it for accessing an account, but I beg to differ. There could be other things a hacker can do with that biometric data.
 

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
@piquiteco, I never really heard about YubiKey until recently and didn't know what it was until researching it yesterday. Thank you for mentioning it to me.
It was nothing, not all services support MFA authentication by security key, that may be why you never heard about YubiKey. (y)
 

piquiteco

Level 14
Verified
Top Poster
Well-known
Oct 16, 2022
624
With the yubikey bio and the supported services I have no need to "trust or remember" any device ... Just an extra prompt to tap my key and read biometrics for 2fa... Takes 2 seconds.
Even using a Yubikey and 2FA/MFA based on TOTP I never check the "trust this device" box, I am the more paranoid type, I always open the browser in an anonymous tab, one service or another because of the notification as is the case with MT and open the browser normally, after using the service I click Logout to close the session. ;)
 

kC77

Level 5
Verified
Well-known
Aug 16, 2021
232
Even using a Yubikey and 2FA/MFA based on TOTP I never check the "trust this device" box, I am the more paranoid type, I always open the browser in an anonymous tab, one service or another because of the notification as is the case with MT and open the browser normally, after using the service I click Logout to close the session. ;)
good practice! this is the way:cool:
 

Brixhamite

New Member
Nov 12, 2024
2
it works on my pixel 7 usb c needs to be plugged in as the bio has no nfc

the bio is much more basic, it only supports fido/webauth but requires biometric touch
the 5nfc has much more features fido/webauth/otp/challenge response/customizable slots etc and can be used with nfc ... way more features, but only requires a touch from any human which I'm not a fan of (unless you protect it with a really really strong pin.... then you would have to enter that each time)
Currently there is an issue with using Fido2 device on an Android device when using the NFC connection, but they should work fine through the USB connections.
 
