Re: [web-nfc] YubiKey NDEF analysis (#543)

The Yubico static passwords and Yubico OTP can be used alone (OTP can even include username).

It is not really a safe practice. In many ways it feels like a physical key, as it can be copied and then abused, but in contrast to physical keys, copying is quite quick if shared with the wrong person/service.

The time restriction of OTP makes that somewhat less of an issue, but at the end of the day, YubiKey leaves it up to the implementer (the user of the YubiKey feature for their system) whether to make the compromise to use this less safe option in order to save money on the implementation side.

-- 
GitHub Notification of comment by kenchris
Please view or discuss this issue at https://github.com/w3c/web-nfc/issues/543#issuecomment-584646222 using your GitHub account

Received on Tuesday, 11 February 2020 13:57:48 UTC