[Cryptography] How Google's Physical Keys Will Protect Your Password

[John Levine]

In article <1509406959729.53719 at cs.auckland.ac.nz> you write:
>I can't see how it will, given that Google is doing exactly the same thing
>that every man and his wombat has already tried, and failed at.

FIDO U2F, of which Yubikey is an implementation, is an interesting
hack.  It's a USB dongle that pretends to be a keyboard.  That means
it works on any device into which you can plug a real USB keyboard,
which is a lot of devices.  It's an open spec, so there are multiple
manufacturers.  I have both a couple of yubikeys and a couple from
some French company that was cheaper.

There is an NFC version that's supposed to work with phones, which I
haven't tried.  Reports say they don't work as well, dunno why not
although an obvious reason is that the NFC interface is less well
debugged if you're not using it to pretend to be a contactless credit
card.

R's,
John