mastodon.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
The original server operated by the Mastodon gGmbH non-profit

Administered by:

Server stats:

311K
active users

Terence Eden

🆕 blog! “Giving the finger to MFA - a review of the Z1 Encrypter Ring from Cybernetic”
★★★★☆

I have mixed feelings about Multi-Factor Authentication. I get why it is necessary to rely on something which isn't a password but - let's be honest here - it is a pain juggling between SMS, TOTP apps, proprietary apps, and mag…

👀 Read more: shkspr.mobi/blog/2024/02/givin

Terence Eden’s Blog · Giving the finger to MFA - a review of the Z1 Encrypter Ring from Cybernetic
More from Terence Eden

@Edent just a minor heads up. "NFC Ring" is a trademark.

*Shrugs

@Edent How does it work where the authentication is NFC + PIN? I imagine it being awkward to hold a finger in place on the NFC reader while typing with the other hand?

@WilliamLeech there is no PIN entry on the NFC ring.
The NFC only takes a few seconds to verify - so you can move your finger to type in any passwords etc.

@Edent Does it not support it? I thought it was part of the Webauthn spec.

On the one hand it seems a shame if such an expensive device can't do it it, on the other I'm not sure it would work well with a ring format.

@WilliamLeech there are lots of WebAuthN devices which don't have a PIN pad.

Unless I'm mistaken, it isn't a mandated part of the spec. Happy to be proved wrong though.

@Edent Not a PIN pad on the ring, you enter the PIN on the computer / phone and it passes it through to the security key (the ring in this case). I *think* it is part of the resident key part of the spec so loss of the physical key won't compromise the account.

The highest profile example I know of is Microsoft accounts where you can log in on a new device using a security key+PIN without ever entering the account password.

@Edent Obviously with a USB key it just stays plugged in, but with an NFC key it has to remain powered up by the reader while you enter the PIN, which I think might be awkward to do with a ring.

@Edent I'm interested (especially in the FIDO2 bit), but I'd have more confidence in the product if their online shop actually worked.

@noodles
I'm not sure if they're shipping to the UK yet.
But I can pass on feedback if you like?

@Edent Shipping to the US is doable. I tried to email about the lack of a working order page, but there's no obvious contact details on the site and sales@ bounced. So please do let them know.

@Edent Thank you for your review.

I seriously considered purchasing a ring.

But, it turns out that the shop does not process purchase requests, resulting in an incomplete page with nothing to click on.
And the support email bounces as nonexistent.

I hope that you would incorporate that information in your review and/or boost this as a real world experience.

#2fa#fido#gadget

@NHBoehm leave it as a comment on the post and I'll publish it.

@Edent
I totally share your point of view and I am looking for a decent NFC/U2F ring for quite some time, however 300 bucks is a price for a full blown smart wearable ring, not just nfc yubikey bended into circle where I would personally expect, or better to say accept up to 100 price tag.