Nice but basic read. I use FIDO and FIDO2 many times a day. Best thing going, but many site owners are just too damn lazy to set it up.
Can you give an example of how it works? I personally would like to see this on all devices like desktop, laptop and smartphone: https://www.pcworld.com/article/322...wo-factor-authentication-from-your-phone.html
I use U2F-FIDO as a requirement to access my accounts from the devices you listed. While the devices themselves in some cases can be controlled I don't actually have that need. Personal applications would be facebook, gmail, dropbox, password manager, etc.... I don't need U2F for my linux laptop because you aren't getting in pre-boot, period!
Fido is a suite of things. The U2F fob concept is excellent, but Fido also supports biometric identities which I am unfond of. I think it's important to separate authentication from identification. Of course, the reason many sites have not adopted it is mainly because it is reasonable at privacy protection - all it knows is a site specific secret which is encoded in the fob. But the sites want to share you and your interests with other parties, hence want to correlate your identity. The other issue is historically the lack of quality browser support, but FF should support it properly now (as well as Chrome), though I haven't tested recently.
I basically want devices themselves to act as the second factor of authentication. In case you're using someone else device, then you do need a smartphone or USB Key. Can't believe that this stuff hasn't gone mainstream yet. https://www.intel.com/content/www/us/en/security/online-connect.html
It's ridiculous that a lot of major websites still don't offer strong 2FA: https://blog.dashlane.com/2fa-rankings/