• @[email protected]
      link
      fedilink
      English
      2
      edit-2
      1 year ago

      The second factor doesn’t necessarily exist, since you’ve moved all of that to the client side now. It entirely depends on implementation and that the implementation is done correctly and is honest. The server only knows that you have the key, it’s single factor authentication.

      In the past, it verifies that I know the password and that I have a key on the server side through separate challenges.

      It’s still way better than username / password, it just has new (more difficult) vulnerabilities.