@Dashrender said in WebAuthn now a standard:

@stacksofplates said in WebAuthn now a standard:

@Dashrender said in WebAuthn now a standard:

@stacksofplates said in WebAuthn now a standard:

@scottalanmiller said in WebAuthn now a standard:

@Dashrender said in WebAuthn now a standard:

but how do you use a YubiKey on your phone?

Screenshot from 2019-03-05 10-05-44.png

That's exactly how I do it. You can also use the Yubiauth app on both the phone and Windows to hold OTP codes for stuff that doesn't support u2f.

So there's a way to export the private key out of the YubiKey? or the sites allows for multiple public keys?

Huh? You scan the QR code like you normally would but it stores it on the Yubikey instead. Then when you need the code you either tap it to your phone and it shows you all of the one time codes or you do it on your computer. Just like how Google authenticator works. For the u2f stuff, it works the same on Android as on your pc. The browser needs to support u2f and it does the challenge response.

I've never used a YubiKey - I assumed the private code inside the YubiKey was there and no where else.

It depends on the type of authentication.