Terence Eden’s Blog

How do I revoke a FIDO / WebAuthN token from every service?

fido security WebAuthn yubikey · 11 comments · 400 words · Viewed ~534 times

YubiKey Neo - a thumb sized USB device - on cardboard backing

After my blog post about recovering my accounts after a disaster, I followed the most repeated advice: Get two YubiKeys Associate them both with your accounts Keep one off-site in a safe location OK, done! My wife and I spend a very boring evening going through every single account we have which supports FIDO tokens with WebAuthN - about a dozen in total. We manually paired two keys each.…

Continue reading →

Where are the U2F Rings?

nfc security WebAuthn yubikey · 6 comments · 700 words · Viewed ~1,670 times

Photo of an NFC ring, taken by Rain Ashford.

The FIDO specification defines a form of Universal 2nd Factor (U2F) when users log in to a system. Rather than relying on one-time codes sent via SMS, or displayed on a phone screen, these are physical hardware tokens which are used to supplement passwords. When used with websites, this technology is also known as WebAuthn. I use a USB thumb-drive sized hardware token and they're nifty - but a…

Continue reading →