The non-discoverable keys cannot be removed from the device. The secret is non-transferable.
In the yubikey bio series, this is implemented as a second factor. So you log in, and then present your hardware key as a second factor. You need your fingerprint, the key, your username. Fairly secure.
I think this is a more secure model than pass keys as they’re being promoted today
deleted by creator
The non-discoverable keys cannot be removed from the device. The secret is non-transferable.
In the yubikey bio series, this is implemented as a second factor. So you log in, and then present your hardware key as a second factor. You need your fingerprint, the key, your username. Fairly secure.
I think this is a more secure model than pass keys as they’re being promoted today
deleted by creator
Yes you need to unlock the The hardware key
deleted by creator
I think the argument and the article is users just are going to avoid this whole confusing mess
And I would absolutely like the ability to use hardware key to log into multiple accounts on the same service.