WebAuthn FIDO2 Security Keys

Comments advocate for WebAuthn, FIDO2/U2F, passkeys, and hardware tokens like Yubikeys as superior, phishing-resistant authentication solutions compared to alternatives like TOTP or SMS.

📉 Falling 0.2x Security

4,542

Comments

Years Active

Top Authors

#6339

Topic ID

Activity Over Time

2008

2009

2010

2011

2012

2013

2014

2015

2016

148

2017

307

2018

554

2019

419

2020

424

2021

442

2022

955

2023

587

2024

255

2025

242

2026

Top Contributors

tialaramex (251) lxgr (70) ecesena (60) StavrosK (47) dwaite (45)

Keywords

PHP UAF USB JS solokeys.com login.gov SSH CTAP1 TOTP SMS authenticator attestation passkeys password totp yubikey sms hardware key tokens

Sample Comments

EGreg • Mar 11, 2022 • View on HN

Why don't people just use webauthn?

cokeandpepsi • Dec 9, 2022 • View on HN

It's mostly WebAuthn isn'it it?

wiml • Sep 12, 2023 • View on HN

It's what FIDO/U2F does, right?

vel0city • Jan 3, 2024 • View on HN

Sounds like a good use case for fido authenticators or passkeys.

mixmastamyk • Oct 24, 2024 • View on HN

Yubikey, FIDO2, etc already exists, though not supported everywhere.

Rafert • Aug 6, 2019 • View on HN

With WebAuthn it doesn't have to be a USB fob - it can be built into your device too.

postalrat • Oct 13, 2022 • View on HN

Don't all fido2 yubikeys support webauthn? They have the advantage that they can't be cloned/sync/etc. Might be an inconvenience for some but for me that's an advantage.

grey-area • Jan 4, 2022 • View on HN

Yes webauthn is a much better solution to this.

qudat • Sep 3, 2023 • View on HN

For chrome u2f was replaced by webauthn. Regardless, both are hard to implement compared to passwords

drhuseynov • Apr 18, 2024 • View on HN

FIDO2 Security keys should be considered good "hardware tokens" now , more phishing-resistant than TOTP