An experiment that uses hardware security keys (like a YubiKey) to replace CAPTCHAs completely. The idea is rather simple: if a real human is sitting at their keyboard or uses their phone, they can touch their security key’s button or bring it near their phone to demonstrate that they are human.
There are a lot of people pushing for replacing passwords and all sorts of logins with such tokens, so I guess the idea is that if everyone has one of these on their keychain anyways…
I can see the advantages security-wise, but I fear that it will lead to a culture of always using the same token and linking that to some official ID. This sounds like something governments would really like, but it would have a lot of privacy disadvantages obviously.
On a side note: if that happens, these keys will become fashion accessories very soon ;)
Why should I destroy my USB slot by constantly pulling the thing out, sticking it in, wiggling with my finger and whatnot?
I have a FIDO2 USB dongle, but I rarely use it. Sometimes I use the TPM or fTPM of my mainboard. If people used password managers, they wouldn’t need these hardware tokens. Apart from the fact you can only store a very limited amount of keys with limited encryption algorithms on them, and I bet the marketing industry finds a way to track you through them.