Within the registration process, the public key and a randomly generated key handle get transferred to the server and stored there. This key-pair depends on data like the server address, TLS-certificate, and some randomly generated session id (token). If your Yubikey gets registered for the MFA process a key-pair consisting of a private and public key gets stored on the hardware key itself. A FIDO2 compatible hardware key will most likely support FIDO1. The successor FIDO2 allows login even without an initial password. The consortium has members such as Google, yubico, Amazon, Intel, Infineon, Microsoft and many others.
U2F stands for Universal 2nd Factor which is an open standard defined by the FIDO Alliance.
Theory Behind Using U2F Keys As A MFA MethodĪmazon AWS supports only U2F compatible hardware keys for two-factor authentication (2FA).
0 kommentar(er)
