When you register your FIDO2 key, it gives the server its public key, which the server links to your account. Now, your stamp is really complex, so it's pretty impossible for anybody else to copy it. This means that if somebody sees a letter with your stamp on it (you sign it), they know for a fact, it is from you, because you display a copy of your stamp on your front door. This stamp is inside your house, meaning you NEED the private key to get it. Using your private key, somebody can give you a letter using your address (your public key), and you take it inside (using your private key), where you take a stamp and seal the letter (sign the data). The last term I'm going to explain (in simple terms) is signing. Your private key is the key you use to unlock your front door. You share this publicly, and it can be used to "identify" you.
For this example, think of your public key as your home's address. Asymmetric keys means there are two separate keys used for cryptography, a public key, and a private key. These keys use asymmetric keys to validate your identity. Not only would it add security, but also is just more convenient, rather than using a whole different app that is less secure for 2FA.įor anybody who doesn't understand what a FIDO2 compliant key is, how it works, or why it's more secure, here's a very simple rundown (I'm going to heavily oversimplify): Hell, even HMAC HOTP support, outside of their Steam app, would be awesome. Supporting FIDO2 / WebAuthn would be fantastic. I would love to see this as an authentication method on Steam.
0 kommentar(er)
