AI Snips
Chapters
Transcript
Episode notes
Prefer CTAP2 Authenticators With Resident Storage
- Use CTAP2-capable authenticators for discoverable credentials since many modern keys store resident credentials.
- Expect limited on-device storage and manage credential counts accordingly.
Phones Emulate Security Keys Via CTAP Tunnels
- Phones act as CTAP2 authenticators by tunneling CTAP over an authenticated channel to the laptop.
- The phone then performs normal authenticator operations like account selection and biometrics.
QR Codes Bootstrap PSK Noise Handshake
- Initial pairing uses a QR code carrying a public key and a 16-byte secret to bootstrap trust.
- That data seeds a PSK-based Noise handshake proving proximity and authenticating both ends.