> FIDO2 is built on the same security and privacy features of FIDO U2F: strong public key cryptography, no drivers or client software and one key for unlimited account access with no shared secrets.
They should've kept all the Microsoft stuff out of the post, other than just mentioning that they've been working on the spec together. The Azure stuff seems to have confused everyone about how this actually works.
There are also other app-based ways to log in to websites with public key crypto, such as https://www.grc.com/sqrl/sqrl.htm, or https://www.civic.com/. But of course they are less secure than the hardware/Yubikey version, for the same reason Yubikey U2F tokens are more secure than Google Authenticator for 2FA (well, unless companies act stupid and enable "SMS backup" alongside Yubikey support, in which case it's even less secure than Google Auth-only as an option).