It is a decent idea, but the wrong way to do security as an external service performing operations on your behalf, they should use OAuth tokens.
It looks like UpSafe (who, shame on them, have literally zero published documentation at their site) is using a browser to make a login call and then running in an isolation context.
For this purpose I'd recommend you set up an App Password just for the Mail app on the trusted device. (Also, a persistent mail application isn't something that you'd use with MFA since it needs to be able to run even when you and your token aren't around). The built-in Windows Mail application doesn't have the necessary handlers for FIDO authentication, so that one makes sense. One of my devices is a Feitian MultiPass FIDO. The Windows Mail Application is an example of such an application (this gives a message saying "You can only use your security keys with Google Chrome." Another example of such an application is UpSafe's Free Gmail Backup which takes me to the U2F prompt screen image above. What can I do to get these applications and others with a similar interface and prompt to recognize my key? If that is not possible, why? Further, if it is not possible, short of leaving 2-step verification, what alternatives are available? My understanding is that Windows' Internet Explorer 11 does not support FIDO or U2F, so I tried disabling Windows Internet Explorer in hopes it would switch the back end to Edge which might work better.
I can't even figure out what browser is being used for this authentication. I am never able to get this window to recognize my key. I enter in my user name in screen 1, password in screen 2, and then I get third the key step: Unfortunately, I have a few Windows applications which I cannot get to work with my key. I have successfully used my YubiKey to get my Chrome and Firefox browsers to get my 2-step verification to work with my Google account.
0 kommentar(er)
