They are in fact public/private keys and use signing a challenge for authenticat... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		kro 6 months ago \| parent \| context \| favorite \| on: Emailing a one-time code is worse than passwords They are in fact public/private keys and use signing a challenge for authentication.

barrkel 6 months ago [–]

But in practice they usually rely on attestation by an approved vendor, and the vendor won't let you control your private key, so they'll leverage it for lock-in.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact