
Emulating a FIDO2 Device in Software

source link: https://blog.gslin.org/archives/2022/10/16/10920/%e8%bb%9f%e9%ab%94%e6%a8%a1%e6%93%ac-fido2-%e8%a3%9d%e7%bd%ae/

I came across the "Virtual FIDO" project, which emulates a FIDO2 device in software:

Virtual FIDO is a virtual USB device that implements the FIDO2/U2F protocol (like a YubiKey) to support 2FA and WebAuthN.

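From a security standpoint this is a bit backwards: the hardware is what ensures the secret cannot simply be copied out by software, and a software emulation like this cannot offer that. The project is more of an experiment or demonstration...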

Looking through Hacker News, someone raised the same issue in "Show HN: A virtual Yubikey device for 2FA/WebAuthN (github.com/bulwarkid)", and the "tpm-fido" project, which uses the TPM for protection, was also mentioned there:

tpm-fido is FIDO token implementation for Linux that protects the token keys by using your system's TPM. tpm-fido uses Linux's uhid facility to emulate a USB HID device so that it is properly detected by browsers.

That at least gives some protection, but it still isn't like a physical YubiKey, which requires a touch before it authenticates.


Author: Gea-Suan Lin. Posted on October 16, 2022. Categories: Computer, Hardware, Murmuring, Security, Software. Tags: 2fa, device, fido, fido2, mfa, security, software, tpm, u2f, usb, virtual, webauthn
