JoshTriplett comments on “Ask HN: Mozilla Persona Post-Mortem”


Will it work with a key stored in the “software security device”, rather than a hardware token?

For that matter, the description shown on that page suggests that it supports using the key on the hardware token as the only authentication factor. That seems dangerous. Unlike a key stored on an encrypted disk, a U2F key typically works for anyone who steals it. Firefox needs to use that key together with another key stored in the browser, or otherwise ensure that someone who steals the U2F key does not gain access to every account secured with WebAuthn.


By:JoshTriplett
Source:https://news.ycombinator.com/item?id=16174364