In short, no. I believe not implementing the facet algorithm is a feature.
I recommend migrating to Web Authentication as soon as practical.
I will also point to a post on blink-dev from Adam Langely calling for
websites targeting Chrome to migrate to WebAuthn:
https://groups.google.com/a/chromium
Hi all,
Thank you for enabling U2F! But Duo Security's implementation of U2F is
dependent on the Trusted Facet functionality, as we need to reliably
enroll/authenticate a U2F credential across subdomains. Until the trusted facet
functionality is implemented I don't believe we can enable our us
Thanks for being flexible here in the face of adversity, big fan of running
trains even if it seems icky in the short term.
On Wed, Mar 27, 2019 at 1:00 PM JC Jones wrote:
> On Tuesday, March 26, 2019 at 12:50:21 PM UTC-7, Alex Gaynor wrote:
> > Simply flipping the pref, and not including regist
On Tuesday, March 26, 2019 at 12:50:21 PM UTC-7, Alex Gaynor wrote:
> Simply flipping the pref, and not including register support seems a bit
> unfortunate, as it'll leave some websites in a works-sometimes state. While
> some larger sites have UIs and help articles explaining that Firefox works
>
Hi Philip:
1) Yes
2) I think so -- it's clearly had substantial refactoring in the process of
moving to Web Authentication
3) I think that's the one, but most sites redistribute a much older version
that used to be served by gstatic.com (I can't find it now) archived here:
https://github.com/fido-
On Tue, Mar 26, 2019 at 3:46 PM J.C. Jones wrote:
> (Sorry for the delay in replying, had a long-weekend of PTO there)
>
> On Thu, Mar 21, 2019 at 7:08 AM Henri Sivonen
> wrote:
>
> > On Thu, Mar 14, 2019 at 8:12 PM J.C. Jones wrote:
> > > It appears that if we want full security key support fo
(Sorry for the delay in replying, had a long-weekend of PTO there)
On Thu, Mar 21, 2019 at 7:08 AM Henri Sivonen wrote:
> On Thu, Mar 14, 2019 at 8:12 PM J.C. Jones wrote:
> > It appears that if we want full security key support for Google
> > Accounts in Firefox in the near term, we need to gr
Hi all,
Some naive questions to understand what's happened here.
Is
https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendment-20150514/fido-u2f-javascript-api.html#high-level-javascript-api
the
API that will be added to Firefox?
Is
https://cs.chromium.org/chromium/src/chrome/browser/resource
On Thu, Mar 14, 2019 at 8:12 PM J.C. Jones wrote:
> It appears that if we want full security key support for Google
> Accounts in Firefox in the near term, we need to graduate our FIDO U2F
> API support from “experimental and behind a pref”
I think it's problematic to describe something as "exper
On Thursday, March 14, 2019 at 7:22:21 PM UTC-4, acze...@google.com wrote:
> Hi there,
>
> Chiming in from Google. This has nothing to do with our level of motivation
> (which is high btw). This has to do with OEM burned-in images on Android
> devices that have already shipped and the lifecycl
Hi there,
Chiming in from Google. This has nothing to do with our level of motivation
(which is high btw). This has to do with OEM burned-in images on Android
devices that have already shipped and the lifecycle of these devices out in the
field. Without going into too many details, in order
On Fri, Mar 15, 2019 at 10:35 AM devsnek
wrote:
> If this is how you feel, encourage Google to fix the problem. This isn't
> Firefox's fault, Firefox is doing the right thing by supporting
> standardized APIs instead of "whatever Google uses". It's incredibly
> frustrating and demoralizing to see
On Thursday, 14 March 2019 13:12:24 UTC-5, JC Jones wrote:
> However, a multi-year delay for the largest security key-enabled web
> property is, I think, unreasonable to push upon our users. We should
> do what’s necessary to enable full security key support on Google
> Accounts as quickly as is
On Thu, Mar 14, 2019 at 11:25 AM Alex Gaynor wrote:
> one overriding concern: phishing, particularly moderately-sophisticated
> phishing which can handle forms of 2FA such as TOTP, SMS, or push, is a
> scourge.
TOTP was never much defense against phishing, just password compromise
(shoulder sur
There are a lot of good reasons to oppose this:
- This is a very frustrating _expansion_ of non-standard APIs, more than a
year after we shipped the W3C standard API
- It'll put pressure on other browsers, which were only implementing
webauthn, to also support u2f.js
- It'll prolong the period of
15 matches
Mail list logo
