The reason why you can have unlimited WebAuthn accounts for your Yubikey is that nothing is added to the key. WebAuthn is different in that it use public and private keys. So a limit is placed on security keys on how many TOTP 2FA secrets they can store. That secret key is combined with the current universal time and with some math, it creates the 6-didgit code.įor TOTP to work the secret key needs to be stored somewhere and the small keys only have so much storage on them. When you set up TOTP 2FA, the service gives you a secret key, which is a randomly generated password, that you and the server know. This limit is because of a storage capacity of the key and how TOTP works. Yubikey and every security key that supports TOTP, will have a limit on how many accounts they can store on one key. Why Is There No Limit On WebAuthn, Unlike TOTP?
TOTP and WebAuthn both can be used for 2FA, but they’re both very different, and WebAuthn is vastly more secure. TOTP 6-digit codes change every 30 seconds, which makes them great for security as the codes expire. Since you and the server know the secret and use the same universal time, you both can come up with the same 6-digits and prove you’re the right person. The current universal time and a secret (basically a random password) is used to create a 6-digit code. TOTP or Time-Based One-Time Passwords is another form of 2FA. It’s basically a bunch of companies coming together to agree on a standard of logging in with physical security keys. It’s designed to be more secure than traditional username and password login, and it’s already supported by major browsers like Chrome, Firefox, and Edge. WebAuthn (also known as FIDO Alliance) is a new standard for authentication that allows users to log in to websites and applications using a security key. If you’re using your Yubikey for TOTP, you can only hold 32 accounts.
You also have an unlimited number of accounts for U2F. Can You Use A Yubikey For Multiple Accounts?Ī Yubikey can be used for an unlimited number of accounts if you’re using WebAuthn. It’s small enough to fit on your keychain and looks like a USB thumb drive. Yubikeys can also replace passwords altogether and make for a passwordless login with the WebAuthn standard. Some websites do this with a text or email code, but if you have a Yubikey and the website supports it, you can use a Yubikey instead of a text message or an email. A Yubikey can be a second factor, the thing you enter after your password when logging in.
0 kommentar(er)
