You've totally lost me, and it's not because I misunderstand FIDO. The private key you refer to must be kept secret or the credential is compromised. Yes, this is undoubtedly better than passwords, because the system…
This line of reasoning doesn't hold up at all. The best practice advice 'avoid security through obscurity' has nothing to do with what you're talking about. Also, FIDO absolutely relies on secrets: that's what a…
AWS only allows one U2F token to be registered at a time.
I was super surprised to learn AWS will only allow you to register a single FIDO token - the inherent lockout risk pushed me back to using OTP with the seed stored in multiple Yubikeys.
No, the whole point of U2F/FIDO is that phishing sites can't extract a usable credential from the key because everything is tied to the origin requesting the authentication.
Presumably so that the backup is offsite.
Do you drop tracking cookies or scripts that fingerprint the users visiting your site? No? Well by resisting the push to TLS, you're allowing ISPs and who knows who else to inject that content into the sessions of your…
If your concern is just with government expenditures, sure, but you can also make the argument that prioritising rural areas could give them a head start on the growth of digital services. Taking Australia from being a…
He expands in his Medium post from last year, here: https://medium.com/@thegrugq/the-great-cyber-game-commentary...
Someone correct me if I'm wrong, but isn't the explicit purpose of intelligence agencies to gather intelligence about foreign countries (allied or otherwise) to further the national interest? I don't really see how this…
You've totally lost me, and it's not because I misunderstand FIDO. The private key you refer to must be kept secret or the credential is compromised. Yes, this is undoubtedly better than passwords, because the system…
This line of reasoning doesn't hold up at all. The best practice advice 'avoid security through obscurity' has nothing to do with what you're talking about. Also, FIDO absolutely relies on secrets: that's what a…
AWS only allows one U2F token to be registered at a time.
I was super surprised to learn AWS will only allow you to register a single FIDO token - the inherent lockout risk pushed me back to using OTP with the seed stored in multiple Yubikeys.
No, the whole point of U2F/FIDO is that phishing sites can't extract a usable credential from the key because everything is tied to the origin requesting the authentication.
Presumably so that the backup is offsite.
Do you drop tracking cookies or scripts that fingerprint the users visiting your site? No? Well by resisting the push to TLS, you're allowing ISPs and who knows who else to inject that content into the sessions of your…
If your concern is just with government expenditures, sure, but you can also make the argument that prioritising rural areas could give them a head start on the growth of digital services. Taking Australia from being a…
He expands in his Medium post from last year, here: https://medium.com/@thegrugq/the-great-cyber-game-commentary...
Someone correct me if I'm wrong, but isn't the explicit purpose of intelligence agencies to gather intelligence about foreign countries (allied or otherwise) to further the national interest? I don't really see how this…