Voices, fingerprints and the like can easily be recorded. The reason why U2F keys are secure is because they work on the same principles as Bitcoin transactions, the server challenges you to sign a message, and only the correct key can do it, and the device does not expose sensitive data in the process. In the case of the YubiKey I linked, it won't even sign such a challenge unless the user explicitly gives consent by tapping it. Something like a trezor could go even further while still being convenient, but the YubiKey is inexpensive and 99% of the way there.
You are viewing a single comment's thread from:
Yeah, i don't have much confidence in bio-metrics, there are simpler solutions, keys are a concept people are familiar with that still allow psudonyminity. Biometry is invasive and not wholly secure.
I was really hoping to use my Trezor password manager, but I was very disappointed to discover that Steemit has a non standard method of logging in and my Trezor doesn't work here :(
When the Trezor team recognize that "You can now log on to SteemIt.com with your Trezor!" is an instant $10,000 post, I'm sure it will be remedied pretty quickly. Someone should tell them that.
I sent some feedback to the makers of Trezor and asked them to work with steemit. I can't find how to message or inform the steemit programmers to examine how to standardize their log in method to work with the Trezor.