RFE: require only one "touch" when there's a password #25

Closed
cdmackay opened this issue Oct 29, 2015 · 1 comment

@cdmackay

I have a password protecting the credentials on my key. This seems to result in my having to touch the key to my Android device twice, i.e.:

  1. Start app
  2. Touch key to device
  3. App asks for pw
  4. Enter pw, which app accepts, but no credentials are shown.
  5. Touch key to device
  6. App shows credentials

It would be nice if I only had to do the one touch, here.

Or am I doing something wrong?

Thanks much indeed.

@dainnilsson
Member

You're not doing anything wrong; the user interface for this is not ideal. Unfortunately it's hard to do it in a better way. The authentication is done via a shared secret, stored on the device and derived from your password and a salt. As the app is capable of saving passwords, and the password is optional, the app does not initially know if you will need to provide a password or not until you tap the device. At that point it needs the shared secret to authenticate to the YubiKey, and prompts you for it. You give the password and the shared secret is then derived, but a second tap is needed to actually use the secret to authenticate and calculate the credentials.

The interaction when storing the password on the phone requires only one tap.
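The flow described in the reply above, as an added example that is not part of the original thread or the app's own code: a simulated key and a reader loop that counts taps. The class and function names are hypothetical, and the derivation parameters (PBKDF2-HMAC-SHA1, 1000 iterations, 16-byte key) and the HMAC-SHA1 challenge-response are assumptions not stated in this thread.

```python
import hashlib, hmac, os

def derive_key(password: str, salt: bytes) -> bytes:
    # Assumed parameters (not given in the thread): PBKDF2-HMAC-SHA1, 1000 rounds, 16 bytes.
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, 1000, 16)

class SimulatedKey:
    """Hypothetical stand-in for the key; a session exists only while it is tapped."""
    def __init__(self, password=None):
        self.salt = os.urandom(8)
        self._key = derive_key(password, self.salt) if password else None
        self._challenge = None

    def select(self):
        # Each tap opens a new session: the key reveals its salt and, if a
        # password is set, a fresh challenge. Only now can the app tell it is locked.
        self._challenge = os.urandom(8) if self._key else None
        return self.salt, self._challenge

    def validate_and_list(self, response):
        if self._key is not None:
            expected = hmac.new(self._key, self._challenge, hashlib.sha1).digest()
            if response is None or not hmac.compare_digest(expected, response):
                raise PermissionError("authentication failed")
        return ["example-account: 123456"]  # constructed sample credential

def read_credentials(key, stored, ask_password, remember=False):
    """Return (credentials, taps). `stored` maps salt -> saved shared secret."""
    taps = 1
    salt, challenge = key.select()
    if challenge is None:                   # no password set: one tap is enough
        return key.validate_and_list(None), taps
    secret = stored.get(salt)
    if secret is None:
        # The user types the password with the key off the reader, so the
        # session from the first tap is gone and the challenge is stale.
        secret = derive_key(ask_password(), salt)
        taps += 1
        salt, challenge = key.select()      # second tap: fresh challenge
    response = hmac.new(secret, challenge, hashlib.sha1).digest()
    creds = key.validate_and_list(response)
    if remember:                            # save only a secret that verified
        stored[salt] = secret
    return creds, taps
```

Saving the derived secret removes the second tap, and it also means anyone who can read the app's storage can authenticate to that key without knowing the password.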
