JSF
About
- Username
- JSF
- Joined
- Visits
- 3
- Last Active
- Roles
- member
- Points
- 10
- Badges
- 0
- Posts
- 2
Reactions
-
Apple's iPadOS 16.3 is out with support for security keys
SHK said:I'm not "getting" the benefit to Security Keys over two factor authentication, which is easy to use and effective.
I hope AI does a story like "who needs Security Keys" to help me understand it better.
FIDO2 is a public/private key cryptographic MFA solution. That means that the Security Key generates the public and private keys ON The Security Key. The Public key is sent up to the website and the Private Key is ONLY stored on the security key and can NEVER be exported. This means that you cannot login without your security key as that private key is only stored on the security key. This is a MUCH stronger method of MFA. It can also be PIN protected so that you must enter your PIN to use the Key to login. IT also is phishing resistant. The web site URL data and AppID is baked into the cryptographic secret so that if you do go to www.G00GLE.com, the authentication will not work. Again much more secure than the other types of MFA.
You might have heard of PassKeys. That is a technology pushed by Apple, Google, and Microsoft that is based on FIDO2. It is essentially the software version of FIDO. The public and private keys are generated on your computer or phone. They are then stored in you iCloud keychain and synchronized across your Apple Devices. The credentials store in iCloud Keychain are protected by a biometric or a PIN. Passkeys are a good solution, but I prefer an actual Security Key so that my private keys are secured. Not that Apple's concept is bad, but if they were hacked the private key MIGHT be exposed to a hacker.
I hope that makes sense.