must die. On that we’re all agreed. Amirite?

and W3C want to set the standard for 21st-century . They seek to do away with phishing, credential breaches, and MITM attacks. And the major browsers seem to be playing along.

But is anyone experiencing déjà vu here? In , we’ve heard it all before.🤣

by @richi at
techbeacon.com/webauthnctap-fi

@richi Personally, I'm least enthused by attempts to get rid of passwords via biometrics. It's kind of like Social Security numbers as they're set up now: once it's lost somehow, there's no good way to undo the damage.

Changeable Passwords/PIN numbers plus cryptographic authentication (e.g. U2F/Yubikeys) seem extremely solid to me as a combination.

@JWilliams yes. Yubi is part of the FIDO Alliance, so that's their vision also

Follow

@richi Right -- should have made that clear.

My biggest complaint is that more entities that supposedly care about security--banks, etc.--don't allow the use of U2F keys (and many won't even get away from SMS 2nd factors. I guess they need a major breach to drive the point home).

@JWilliams @richi

I don't agree. They won't implement these changes because they have insurance to cover their breaches and they make so much money that they are still on the side of the tipping point where the insurance is cheaper than change.

@Kit @richi Personally, I think this is a big part of exactly why they won't improve security.

It's why credit cards took so long to incorporate chips, etc. Less expensive (and less work) to just pay for breaches.

@JWilliams @richi

Yes, and in the US we still don't have the securest version of the chips because they went with the older technology.

Sign in to participate in the conversation

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.