Getting a biometric security key right

There are plenty of fingerprint readers on the market, doesn&#x27;t really excite me because it just makes it 2-in-1.<p>What does excite me? Smart rings like <a href="https:&#x2F;&#x2F;store.nfcring.com&#x2F;products&#x2F;omni" rel="nofollow">https:&#x2F;&#x2F;store.nfcring.com&#x2F;products&#x2F;omni</a>

Does it worth repeating that &quot;fingerprints are usernames, not passwords&quot;?<p>It is straightforward to copy someone&#x27;s fingerprint. If technology does not include some additional biometric property (blood vessel arrangement, unique capacitance?!, unique heat signature that will not change over time?! ...) that is hard to obtain, it is pretty much useless, especially if someone is really keen to hack you ...

The key in the video was flexing from being pressed for the fingerprint. Hopefully that does not cause longevity issues.<p>My USB-A yubikey has proven durable so far, but it only requires a very light touch to activate.

With Yubico I always get a feeling that if they could breakaway from all this <i>legacy</i> smartcard stuff and lock everyone in, they would. But they can&#x27;t yet, so they distanced themselves from it and were keeping it on the down-low ever since.<p>I would really like if they made a wearable without any ports like a NFC ring, but that would mean either keeping it tied to phones only with an app or selling their own NFC&#x2F;contactless reader, most likely with some proprietary bent.

If you have a macbook with touchId you can use that as webauthn&#x2F;u2f already with softu2f, I&#x27;ve been doing this for some time and it&#x27;s really smooth, much prefer it to OTP.<p>Rough instructions here <a href="https:&#x2F;&#x2F;twitter.com&#x2F;gnyman&#x2F;status&#x2F;1217797385184841734" rel="nofollow">https:&#x2F;&#x2F;twitter.com&#x2F;gnyman&#x2F;status&#x2F;1217797385184841734</a>

Could someone ELI5 the security benefits of Yubikey over Apple&#x27;s finger print sensor?

Serious question that sounds dumb: what happens if you lose your finger?

I&#x27;m wondering if people know that Android phones already provide the FIDO2 &#x2F; WebAuthn authentication. There is no need for additional hardware for mobile use.

What&#x27;s the most open security key right now? Best experience?

What happens if I lose the key, I don&#x27;t have it on me, or if I&#x27;m using a mobile UI? It seems like you need an identifier (email&#x2F;username&#x2F;etc) besides the hardware key for this to be practical.

A true biometric key would allow authentication from any key and not just a registered key, otherwise it just degrades into a possession authentication factor. A true biometric key would allow you to walk around with absolutely nothing, and doing 2FA using only what you know (password) and what you are (your finger).<p>Is that possible with this? Could I e.g. pass 2FA on my accounts on a friend&#x27;s computer using <i>their</i> key with my finger?