That's fair. Although, for my password manager, you need both password and 2FA t... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

ehsankia on March 4, 2019 | parent | context | favorite | on: W3C approves WebAuthn as the web standard for pass...

That's fair. Although, for my password manager, you need both password and 2FA to access it, whereas a FIDO key would just require stealing the physical key.

Does there exist FIDO key (other than phones) that require a password to "enable"? For example, when it's plugged into a new device, the key locks until you input some master password?

rkeene2 on March 5, 2019 | [–]

Most smartcards require you to authenticate to them before they will perform operations using their private cryptographic keys. I'm adding WebAuthn support to my smartcard middleware [0].

[0] https://cackey.rkeene.org/

jontro on March 5, 2019 | [–]

The Ledger Nano S requires you to enter a pin code at least

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact