Hacker Newsnew | past | comments | ask | show | jobs | submitlogin



If you had used one of the $10 USD Webauthn (aka U2F) tokens, it wouldn't have asked you to install any applications.

The "problem" is the expensive Yubikeys that you were whining about has lots of extra functionality that has nothing to do with U2F, and that's what the extra applications are all about.

I happen to use a Yubikey because I want that extra functionality, including using it to secure the keys I use for ssh and for digitally signing git tags so I can securely push git pull requests. But that's because I'm a developer, and it's why I'm happy to purchase multiple Yubikeys (one for my desktop, one for laptop, backups including one that is on a keychain, etc.) Perhaps you were reading web sites that was giving advice for developers as opposed to for consumers?


OpenSSH >= 8.something natively supports U2F. No need for extra functionality.


However, to use native FIDO the SSH server must accept it (GitHub does not for example)

Whereas if you have RSA keys on the "full fat" Yubikey, they can be used regardless.


For U2F specifically you don't need apps except support in the browser. The apps you listed are used for other types of functionality provided by the yubikey, like OTP and TOTP.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: