Reply to post: Re: Get rid of the commercial middlemen

Password killer FIDO2 comes bounding into Azure Active Directory hybrid environments


Re: Get rid of the commercial middlemen

Read the FIDO2 spec and you will see it is not inherently evil. It is perfectly workable by corporations, businesses, and end users without compromising security. It is not designed to track you and is not really capable of doing so. All communication is voluntary and E2E—no middleman, unless the the service you signed up with decides to use another service to authenticate you, but FIDO2/WebAuthn is simple and well supported enough that it should not need such a thing. Whether or not that will change in the future is up for debate, but if FIDO/U2F is still supported by the spec despite being obsoleted, I think there's hope FIDO2 will be supported for a long time coming.

There are plenty of other authentication modes and open source libraries/example code that you can choose from if FIDO2 isn't your cup of tea, including OTP-HMAC which is also widely supported.

But like others have said, this article is about Azure, which is already fundamentally compromised in the sense that your data is no longer in your own datacenter. The argument on whether or not FIDO2 is respecting of your privacy etc. is moot when the whole platform may or may not and there's no 100% sure way to know.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2021