Although designed for securing online accounts, FIDO U2F as a protocol and YubiKey as a hardware tool are not silver bullets. If not used wisely, this powerful combo becomes an attractive target for skilful attackers. In this post, we will explore some of the hidden pitfalls, typical mistakes, and concerns that system architects and software developers should be aware of when building authentication systems using YubiKeys.

Why use YubiKey

YubiKeys as MFA: User identification and phishing p...