I wonder if all keys work with the same websites that are supported by YubiKey, does anyone know this? So does the Google Titan and the Thetis security key work with all of the services that are listed on the YubiKey catalog? https://www.zdnet.com/article/best-security-key/ https://www.yubico.com/nl/works-with-yubikey/catalog/
Seriously guys, so nobody is using any security keys? I'm planning to buy one, but I wonder if the Yubikeys are the best solution.
in the amount of time u spent ranting here for help, u could have checked it yourself... I have sooooo much stuff to do, but in just barely 10 minutes I quickly figured out that: There are a few ways sites can authenticate you with Hardware 2FA (security protocols): FIDO2/WebAuthn, FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, Smart card (PIV), OpenPGP, and Challenge-Response There might be more, but those seem to be the main ones. So, go to a site and click Learn More Then u will see what security protocols that site supports So then find which site u want to use and buy corresponding key that supports it (obviously, the more it supports the better). Gl.
Thanks for the help, and of course you can find most info on the web, but I like to hear about people's own experiences, this is sometimes more useful than standard info. But from what I understood, it's all about the protocols that security keys support? So if a key supports FIDO U2F, then it will work with all websites that support this, I guess. I do think it's weird that they make it hard to find which websites are supported, I couldn't easily find this info on the Yubico site and I didn't find anything on the Google Titan and Thetis website, while this is the most important selling point, this is crazy!
Provide more explanation. https://www.dongleauth.info/ https://www.dongleauth.info/dongles/ I am honestly surprised. Google is usually top-notch quality in everything they make (other than privacy ofc). But this? Google titan doesn't support OTP. https://blog.teamstack.com/all-about-2fa-what-is-otp-totp-and-hotp/ https://www.yubico.com/blog/otp-vs-u2f-strong-to-stronger/ https://blog.strongkey.com/blog/guide-to-fido-protocols-u2f-uaf-webauthn-fido2 https://wearedevs.com/two-factor-authentication/ https://alicebobandeve.org/blog/standards/2019/11/05/fido2-u2f-oath-yubico-otp-yubikeys/ https://fidoalliance.org/members/ https://blog.strongkey.com/blog/guide-to-fido-protocols-u2f-uaf-webauthn-fido2 FIDO2 > UAF >= U2F > Yubikey OTP > TOTP > HOTP in terms of security Each method has its own pros and cons, but if u have to pick, Yubikey OTP is much better than any other OTP, and FIDO2 is UAF and U2F combined basically. And U2F is better than Yubikey OTP, I think. https://www.reddit.com/r/Bitwarden/comments/hhbza7/yubico_vs_fido_u2f_what_is_the_difference/ https://www.youtube.com/watch?v=0R23JRR671I https://www.youtube.com/watch?v=NEDeL3Q4WvI https://www.youtube.com/watch?v=aMo4ZlWznao
Cloudflare launches new security key-based replacement Cloudflare wants to replace CAPTCHAs with an entirely new system. You can read an extensive explanation on their blog, https://blog.cloudflare.com/introducing-cryptographic-attestation-of-personhood/ or test the system on their website https://cloudflarechallenge.com Platform Compatible Browsers iOS 14.5 All browsers Android 10 and later Chrome Windows All browsers macOS All browsers Ubuntu All browsers
I guess this is probably the smartest thing to do since they at least provide information on which websites these keys will work. Thanks I totally forgot about this site. It's a bit shocking to see how many services still don't support security keys! And too bad that you can't sort on which websites do support Yubikeys.
if you buy a yubikey that supports all protocols, technically all the sites that support hardware 2FA will support at least one protocol that yubikey supports. And then you just follow the order of security.
Yes I guess this makes sense. Somebody should make a website where you can easily see which website supports which security key.
It's not very hard you just have to scrape the html easy to do with a script Hell, you could even manually copy the entire relevant html of the webpage, apply a regex and boom. Very very easy to do.