Not looking for anything super deep, just more of how it differs from being like a simple “this is my device ID number” as a form of verification.
I have a Yubico NFC Security Key (blue stick) and it supports a few protocols, with other USB keys supporting additional protocols.
[https://www.yubico.com/store/compare/security-key-nfc-by-yubico,yubikey-5-nfc,yubikey-5-nfc-fips/](https://www.yubico.com/store/compare/security-key-nfc-by-yubico,yubikey-5-nfc,yubikey-5-nfc-fips/)
So I’m wondering how it all works so that the key is able to act as a MFA method, but in simple terms.
In: 5
It’s a two way password.
The key provides a secret password verifying your identity AND confirms the identity of the service you’re authenticating with.
This way it defeats eg phishing attempts by detecting that you are attempting to authenticate with a fake website.
Latest Answers