Hello people,
I'm sorry if subject is not too clear, but I'm really new to NFC development and I started to use the YubiKey only yesterday.
I'm developing a mobile application and I'm using the YubiKey to secure login with the 2FA, but I'm a little bit confused on the way I should use my Key.
My question is : is there any way to make the NFC exchange to be "unique"? When I get the NDEF tag, the only thing that seems to be unique is the id, but I don't think it will really be secure to just check if this Id matches with the one registered into my database (even if it's specific to every user).
I'm a little bit confused on how to use the YubiKey, using NFC, to check if "it's really that person" and prevent this step to be easily hacked.
Right now (I just started to code the application) I'm just checking if the Id matches, but I tell myself that anyone could buy a NFC device, change the Id and hack everything.
I'm sorry if the question has already been asked (I didn't find anything similar) or if I misunderstood all the YubiKey authentication principle, but I would like if anyone could help me out
Thank you!!
Login
FAQ
Search
