action #151666
Updated by emiler 6 months ago
We could cover a new area of testing, which deals with FIDO2 keys. The scope should definitely be, at least, 2FA with web applications, but we could also test resident and non-resident keys for SSH and PGP, which are supported at least by Yubikeys.
Our options would be:
- Bare-metal test with a physical key attached
- Using a software FIDO2 key, such as [rust-u2f](https://github.com/danstiner/rust-u2f) or [virtual-fido](https://github.com/bulwarkid/virtual-fido)
## References
- https://youtube.com/watch?v=DwGLgRg-kFo
- https://github.com/drduh/YubiKey-Guide