Can someone help me understand how this is different from the existing YubiKey products, which I've used?<p>* Passwordless single factor with AD integration (couldn't this already be done by storing your password on the key?)<p>* 2factor auth with the token as one of the factors.<p>From the article:<p>-----------<p>Single Factor: This only requires possession of the Security Key to log in, allowing for a passwordless tap-and-go experience.<p>Second-Factor: In a two-factor authentication scenario, such as the current Google and Facebook FIDO U2F implementations, the Security Key by Yubico is used as a strong second factor along with a username and password.<p>Multi-Factor: This allows the use of the Security Key by Yubico with an additional factor such as a PIN (instead of a password), to meet the high-assurance requirements of operations like financial transactions, or submitting a prescription.
This is what I want for family members: the end to passwords and the end to using Facebook (or even Google for that matter) to authenticate logins. I continue to lament the end of Mozilla Persona.
Legal wonks:<p>I know biometric identification isn't afforded the same protection by law on the basis that biometrics are public (e.g. fingerprints are left everywhere), but what about physical keys? FIDO2 is entirely analogous to a physical key, and it's not exactly public the way biomtrics are.<p>I'd still prefer a password for that added 5th amendment layer of protection, but I'm looking for what legal minds think about this right now.