OpenSecEd / auth

A learning module on Authentication

When to use passwords, when to use crypto #15

Open dbosk opened 6 years ago

dbosk commented 6 years ago

Since we must use password managers to cope with passwords, we might just as well replace the passwords with crypto keys anyway. Once we have crypto keys we can do anonymous credentials. There will be no leaked password databases as the server only stores public keys.

We need a lab that pushes the students beyond identity-based authentication. What do they actually need to authenticate? Usually not the identity.

However, sometimes a password is the right thing, like protecting the password/key manager. (Sometimes a biometric can be used here, which is a password of sorts.)
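
An added example for the comment above, not part of the original issue or the module's own code: a minimal challenge-response login in which the server's only stored credential is a public key. The `Server` and `Client` classes, the account name and the Ed25519 choice are assumptions made for illustration.

```javascript
// Added example: key-based login where the server database holds no secrets.
const crypto = require('node:crypto');

class Server {
  constructor() {
    this.publicKeys = new Map(); // account -> PEM public key (all that is stored)
    this.pending = new Map();    // account -> outstanding one-time challenge
  }
  register(account, publicKeyPem) { this.publicKeys.set(account, publicKeyPem); }
  challenge(account) {
    const nonce = crypto.randomBytes(32); // fresh per login attempt
    this.pending.set(account, nonce);
    return nonce;
  }
  verify(account, signature) {
    const nonce = this.pending.get(account);
    const pem = this.publicKeys.get(account);
    this.pending.delete(account);         // a challenge is valid only once
    if (!nonce || !pem) return false;
    return crypto.verify(null, nonce, crypto.createPublicKey(pem), signature);
  }
}

class Client {
  constructor() {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.privateKey = privateKey;         // never leaves the client
    this.publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' });
  }
  sign(nonce) { return crypto.sign(null, nonce, this.privateKey); }
}

function demo() {
  const server = new Server(), alice = new Client(), other = new Client();
  server.register('alice', alice.publicKeyPem); // constructed sample account
  const sig = alice.sign(server.challenge('alice'));
  const ok = server.verify('alice', sig);       // correct key, fresh nonce
  server.challenge('alice');
  const replay = server.verify('alice', sig);   // old signature, new nonce
  const wrongKey = server.verify('alice', other.sign(server.challenge('alice')));
  return { ok, replay, wrongKey, stored: [...server.publicKeys.values()] };
}
```

A copy of `stored` is what a database leak would expose: public keys only, which cannot be used to answer a challenge.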

dbosk commented 6 years ago

Firefox support for WebAuthn shows passwords the door https://nakedsecurity.sophos.com/2018/05/11/firefox-support-for-webauthn-shows-passwords-the-door/