[Cryptography] How Google's Physical Keys Will Protect Your Password

John Levine johnl at iecc.com
Sun Nov 5 10:37:20 EST 2017

>It's also why companies shell out a fortune for SecurID gear, because they're
>the closest 2FA you can get to the most usable authentication mechanism there
>is, passwords (see e.g. "The quest to replace passwords: A framework for
>comparative evaluation of web authentication schemes").

Oh, you mean like this?


Since I published that blog post four years ago, the keychain has
added another SecurID and a YubiKey, but three of the four dongles in
the picture have now been replaced by an app on my phone, and the bank
has changed its login procedures so on most of their websites you can
log in with a second password instead of the 2FA code and do nearly
everything you can do with the 2FA.


