All Questions
8
questions
1
vote
0
answers
322
views
Is it possible to see the pubkeys that pair with private keys inside the TPM in Windows?
Is it possible to inspect data (pubkeys, domain names used for webauthn, not private keys) related to private keys stored in the TPM on Windows?
I legally own the hardware and have maximum ...
3
votes
2
answers
452
views
FIDO2: should I set user verification to "discouraged" with two-factor authentication?
I provide a web application that uses FIDO2 for two-factor authentication. Recently I got reports that Windows users have to enter a PIN each time they use their hardware token. As far as I understand,...
0
votes
1
answer
573
views
How exactly does the detection of a cloned FIDO2 credential work?
I am trying to understand the FIDO2 standard. I know that a Relying Party has to implement a mechanism that checks the counter of the respective credentials. Most of the time, a counter is stored in ...
2
votes
1
answer
3k
views
Implementing FIDO2 (WebAuthN) in Native iOS
I am currently investigating the idea of implementing FIDO2 (WebAuthN) support in native iOS using Swift. I understand that there is no FIDO2 support in native iOS, and only available through Safari ...
1
vote
0
answers
126
views
WebAuthn Variation with non-connect dongle Authenticator
As I read through the WebAuthn / FIDO2 documentation, it appears the authentication is done on the local device to create an attestation to the FIDO server. This future implies the "biometrics" or ...
4
votes
2
answers
1k
views
Why does WebAuthn require a challenge when asking the client to register a new credential?
When registering a new credential as part of WebAuthn, why does the client need to be sent a challenge?
Presumably this is to prevent a replay attack, but wouldn't a replay attack be prevented by TLS ...
18
votes
1
answer
7k
views
FIDO and FIDO2 differences
I've been reading both FIDO and FIDO2 specs for a while tring to understand the similarities and differences between both. Here is how I broke it down so far:
FIDO: First iteration in creating a ...
4
votes
1
answer
411
views
Yubikey - WebAuthn and U2F
I have a yubikey which supports only U2F. It doesn't support FIDO2. I read about U2F and i understand how it works.
When i test my Yubikey for WebAuthn on https://webauthn.io it works. I wanted to ...