blog! “Giving the finger to MFA - a review of the Z1 Encrypter Ring from Cybernetic”
★★★★☆
I have mixed feelings about Multi-Factor Authentication. I get why it is necessary to rely on something which isn't a password but - let's be honest here - it is a pain juggling between SMS, TOTP apps, proprietary apps, and mag…
⸻
#2fa #fido #gadget #MFA #nfc #review #rfid
@Edent just a minor heads up. "NFC Ring" is a trademark.
*Shrugs
@Edent How does it work where the authentication is NFC + PIN? I imagine it being awkward to hold a finger in place on the NFC reader while typing with the other hand?
@WilliamLeech there is no PIN entry on the NFC ring.
The NFC only takes a few seconds to verify - so you can move your finger to type in any passwords etc.
@Edent Does it not support it? I thought it was part of the Webauthn spec.
On the one hand it seems a shame if such an expensive device can't do it it, on the other I'm not sure it would work well with a ring format.
@WilliamLeech there are lots of WebAuthN devices which don't have a PIN pad.
Unless I'm mistaken, it isn't a mandated part of the spec. Happy to be proved wrong though.
@Edent Not a PIN pad on the ring, you enter the PIN on the computer / phone and it passes it through to the security key (the ring in this case). I *think* it is part of the resident key part of the spec so loss of the physical key won't compromise the account.
The highest profile example I know of is Microsoft accounts where you can log in on a new device using a security key+PIN without ever entering the account password.
@Edent Obviously with a USB key it just stays plugged in, but with an NFC key it has to remain powered up by the reader while you enter the PIN, which I think might be awkward to do with a ring.
@noodles
I'm not sure if they're shipping to the UK yet.
But I can pass on feedback if you like?
@Edent Thank you for your review.
I seriously considered purchasing a ring.
But, it turns out that the shop does not process purchase requests, resulting in an incomplete page with nothing to click on.
And the support email bounces as nonexistent.
I hope that you would incorporate that information in your review and/or boost this as a real world experience.
@NHBoehm leave it as a comment on the post and I'll publish it.
@Edent
I totally share your point of view and I am looking for a decent NFC/U2F ring for quite some time, however 300 bucks is a price for a full blown smart wearable ring, not just nfc yubikey bended into circle where I would personally expect, or better to say accept up to 100 price tag.