0

Is it possible to have a FIDO2 USB key which I can use as a second factor without requiring me to perform the user presence check? All the keys I've checked so far (YubiKey, Solo Keys, etc.) require me to tap them.

The intention is to use such a key in order to verify that the authentication process was really initiated from my computer and nothing more. That means I do not care if my computer gets cracked and then some bad guy performs an authentication via my computer. However, the key would at least prevent others from authenticating as me from other devices. Having a "tap-less" FIDO2 key would be really convenient (for example, I would like to use it for my SSH keys; however, tapping the FIDO key every time I log in is cumbersome).

4

2 Answers

0

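All FIDO2 devices have a silent authenticator mode (no UV and no UP). This is done by setting specific flags in the request sent to the authenticator (UV=0 and UP=0). You also need to check whether GetInfo has UV and/or UP set to true (available).

However, browsers currently do not have this option (as of November 2020). This is because there are security and privacy concerns. There are some discussions about how to implement it properly, so websites may be able to use it in the future.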

Answered 2020-11-24T14:01:27.600
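The UP and UV flags mentioned in the answer above are reported back in the authenticator data of every assertion, so the verifying side can tell a silent assertion from a touched one and apply its own policy. The following is an added example, not code from the original answers: `check_assertion`, `allow_silent`, `make_sample` and the `example.org` relying party ID are assumptions made up for illustration, and the assertion signature is assumed to have been verified already.

```python
import hashlib
import struct
from dataclasses import dataclass

FLAG_UP = 0x01  # bit 0 of the flags byte: user present
FLAG_UV = 0x04  # bit 2 of the flags byte: user verified


@dataclass
class AuthData:
    rp_id_hash: bytes
    user_present: bool
    user_verified: bool
    sign_count: int


def parse_auth_data(raw: bytes) -> AuthData:
    """Parse the fixed header: rpIdHash (32) | flags (1) | signCount (4, big-endian)."""
    if len(raw) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    rp_id_hash, flags, sign_count = struct.unpack(">32sBI", raw[:37])
    return AuthData(rp_id_hash, bool(flags & FLAG_UP), bool(flags & FLAG_UV), sign_count)


def check_assertion(raw: bytes, rp_id: str, last_count: int,
                    allow_silent: bool = False) -> str:
    """Return 'interactive' or 'silent'; raise if the policy is violated.

    Only meaningful after the signature over this data has been verified,
    otherwise the flag byte proves nothing.
    """
    ad = parse_auth_data(raw)
    if ad.rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        raise ValueError("rpIdHash does not match this relying party")
    # If either counter is non-zero, the new value must strictly increase.
    if (ad.sign_count or last_count) and ad.sign_count <= last_count:
        raise ValueError("signature counter did not increase")
    if ad.user_present or ad.user_verified:
        return "interactive"
    if not allow_silent:
        raise PermissionError("silent assertion (UP=0, UV=0) rejected by policy")
    return "silent"


def make_sample(rp_id: str, flags: int, count: int) -> bytes:
    """Constructed sample authenticator data, not captured from a real key."""
    return hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, count)
```
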
-1

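This violates the FIDO standard; user presence or user verification is a mandatory feature of certified CTAP products. You could use an open-source key and have your modified key respond to the user presence check automatically.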

Answered 2020-11-20T22:29:11.020