Introduction to FIDO?

When I search for information on FIDO, everything I find talks about FIDO: how to develop, integrate it with your business; non-specific technology pitch. I have not found anything that walks an end user through the practical process of buying into FIDO: buying a key or installing an app, registering on the first site; logging in.

Is there a practical introduction for end users somewhere?

I don’t care if it is specific to one product.

This demonstration for FIDO2 and Microsoft Accounts is an example of what I’m looking for.

No hot take from me/us. Thanks for posting, @mike. Haven’t looked into it (yet). I note a huge discussion on HN about it.

Any PR that starts with “In a joint effort to make the web more secure and usable for all, Apple, Google and Microsoft today announced plans” should raise alarm bells, and does so at least with me.


I posted in General Discussion because I thought some of the community members might have experience with FIDO. I didn’t intend for Mojeek to respond formally. I am sorry for any confusion.

On FIDO, I’ve only paid attention to FIDO when it pops up in the news. And the Apple, Google, Microsoft press release piqued my interest. Microsoft in particular has been talking about passwordless for the past year.

About privacy:

The FIDO protocols are designed from the ground up to protect user privacy. The protocols do not provide information that can be used by different online services to collaborate and track a user across the services. Biometric information, if used, never leaves the user’s device.


“FIDO2” corresponds to passwordless:

FIDO2 adds more options to the login process:

  • Single Factor: This only requires possession of the Security Key to log in, allowing for a passwordless tap-and-go experience.

Microsoft’s top ten from last year was a good primer. Though, that series focuses on Windows Hello.


I am excited by passwordless. I don’t perceive a threat to privacy here. And eliminating phishing, password stuffing, and weak passwords would be a big win for everyone. The technological underpinning is sound. And people just have to get used to managing physical keys (like having a spare key for your house) instead of passwords. You can literally use one key for everything (that supports FIDO2) which is what people try to do by reusing passwords today.

For clarity, FIDO2 does not require a big tech account. You can use YubiKeys or another FIDO2-compliant device by itself. But if you have an account, it sounds like you no longer have to enroll multiple devices one by one, which has been a pain point for the current system. Multi-device is a plus, not a requirement. Perhaps, in the future, other companies or home brew will offer a similar service.

The other part of the announcement is adding Bluetooth to the protocol which appears to just increase the range over NFC.

Mike

Dan has a good overview and description of multi-device credentials.

As someone who owns a YubiKey, I’ve found it useless for anything beyond securing Bitwarden. The only sites/services that support it are sites/services I don’t use. I’ve looked through here a few times: Works with YubiKey catalog | Yubico

Oh, and Binance only supports YubiKeys on Chromium browsers. Might be handy for Mailcow if I ever set up my own mail server, though.

have you looked at their partner organizations and member companies?

forgive me for being blunt, but i’m not sure how the threat to people’s privacy could possibly be any more obvious - Google? the World Economic Forum? Intel? Amazon?

if you want to gain some insight as to why i say this, i’d suggest subscribing to James Corbett’s work which will provide you with excellent primers - James is an intelligent, independent commentator, researcher and documentary film maker living in Japan

some resources…

James on the web…

  • web: https://www.corbettreport.com/
  • web news feed: https://www.corbettreport.com/feed
  • BitChute: https://www.bitchute.com/video/Iy47hXZXipS2/
  • BitChute news feed: https://www.bitchute.com/feeds/rss/channel/corbettreport/

No confusion created at all @mike; nor need to apologise. It’s an interesting topic and relevant to our future. As I’ll write in a coming post soon, it’s the COMBINED policies and practices of GAM (Google, Microsoft, Apple) that are our biggest barrier to progress, at Mojeek. So this caught my attention as such, but also as a “contribution” to privacy. We’ve all seen where the bargain of convenience for “free” services from these companies can lead. So I for one will be looking at the details and plans with scepticism. It’s the unstated plans that they may have that we all need to be mindful of. Thanks for posting links and to @gnome and @itsMe.

i agree, however they also often telegraph their plans for all to see in their documents that no one reads - covid is an excellent example of this where the patents date back to at least 2008 as i recall, then there’s Event 201, etc.

Dr. David Martin and Pfizer whistle-blower Karen Kingston are excellent resources in this regard

I have also seen things on HN and the like, but never really looked into it. Thanks for the relevant info @mike and @gnome.

@itsMe obviously COVID has touched us all, so is a huge topic that I see you have written about extensively; as well as about search engines. Let’s keep this thread to FIDO.


sorry - i did go off the rails there and so i deleted the post 🙂