Where are the U2F Rings?
nfc security WebAuthn yubikey · 6 comments · 700 words · read ~1,490 times.
The FIDO specification defines a form of Universal 2nd Factor (U2F) when users log in to a system. Rather than relying on one-time codes sent via SMS, or displayed on a phone screen, these are physical hardware tokens which are used to supplement passwords. When used with websites, this technology is also known as WebAuthn.
I use a USB thumb-drive sized hardware token and they're nifty - but a little impractical.
Since the great working from home experiment, I don't have my keys on me at all times. This means my Yubico Neo sits on a keychain, in a pocket of a coat which is rarely worn. So every time I need to use U2F to authenticate with a service, I have to trek around the house trying to remember where I last saw my keyring.
Wouldn't it be great if I could wear my Yubikey? Some high-tech jewellery would be fab!
To be clear, this isn't an original idea:
And some people do wear their keys as pendants.
There are also Yubikey earrings:
So why not a ring? A ring doesn't take up much space on the body, they're rarely taken off, and they're socially acceptable jewellery for most people.
A basic NFC ring costs less than two pounds! But it doesn't have the necessary processing power for U2F.
The OMNI ring is £70 and looks like it has the right hardware. But, sadly, they appear to be incompatible with the FIDO specification.
The cheapest FIDO2 U2F NFC key is about £30. So it shouldn't be impossible to put the hardware into a more aesthetically pleasing form factor.
Token were planning to release a WebAuthn ring "soon" - but with no price nor predicted availability. Their social media hasn't been updated in two years. Similarly, Motiv were planing on releasing a WebAuthn ring - but they got bought by a company called Proxy - who have since fallen into a Web3 hole never to be heard of again.
So - this is my version of Cunningham's Law. If I blog saying something doesn't exist - some smartarse will immediately post a link to some Shenzhen store selling them for a quid each!
There are no WebAuthn rings - or other jewellery-like form factors. And that sucks.
Thoughts on building an NFC reader for the Framework laptop
Review: ACM1252U-Z2 NFC Reader Board
Review: ACS ACR1251T-E2 USB Token NFC Reader II
Hardware I miss from my old Android phones
Some thoughts on the YubiKey EUCLEAK Vulnerability
@Edent interesting but the price point is way above what most people can afford.
@Edent
Thanks for the detailed post!
@Edent This looks very cool! Like a modern version of the java ring - https://www.nngroup.com/articles/javaring-wearable-computer/ Java Ring: A Wearable Computer: Article by Jakob Nielsen
Hardy says:
Thank you for your review.
I seriously considered purchasing a ring.
But, it turns out that the shop does not process purchase requests, resulting in an incomplete page with nothing to click on. And the support email bounces as nonexistent.
I hope that you would incorporate that information in your review and/or boost this as a real world experience.
#2fa #fido #gadget #MFA #cybernetic
https://ioc.exchange/@NHBoehm/112021575151824878
@Edent Nice. After a year or two of my lovely MacBook Pro with a fingerprint reader on the top-right of the keyboard, I'd find it a pain to go back to security systems which required a lot of typing. If I ever had to, though, this looks like a potentially good substitute.
More comments on Mastodon.