The better, newer stuff is WebAuthn-based, where you also register a public key and retain a private key.
This doesn't seem particularly friendly to lay users, unfortunately. Don't know how you'd get someone whose password is password123 to get the basics of private key auth.
It's getting nearly friendly. The core workflow is to buy a YubiKey, enable WebAuthn at the website you're logging into, and plug in the YubiKey. Next time you log in (even with password123), it asks you to plug in the YubiKey.
If websites make the registration part more obvious / default, it'll be as close as it can get to user-friendly.
The next hurdle is getting grandpa to register 2 keys in case he loses one...
In my experience, the U2F key workflow falls apart on devices that don't have USB-A ports, like mobile devices, game consoles, smart TVs, certain years' worth of MacBooks, etc.
No one is gonna go out to the store and buy something to sign up for a website.