Reply to post: Not happy

No password? No worries! Two new standards aim to make logins an API experience

DropBear
Alert

Not happy

Sorry but I find it hard to trust all the "keys of the kingdom" to a specification (U2F) containing phrases such as "assuming the browser is working as it should", especially in the same sentence as "this is a critical privacy property". Furthermore, as long as U2F in practice seems to mainly just mean "Yubikey", which specifically chooses to base the security of every single account you entrust to it to ONE single, common, fixed (to the key) secret, I won't be using any of it thankyouverymuch. Especially seeing as how they still want me to remember a per-site password, completely eradicating the need of which being the absolute minimum I would expect in exchange for agreeing to keep all my eggs in a single basket that isn't my brain.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021