Rather interesting, but I think the real question is when will existing systems catch up.
For the most part the only real problem I’ve experienced with 2-factor authentication is exactly the one that they outlined. In fact, it was a key reason why I stopped using Google’s authenticator in favor of physical keys around Lollipop.
The notion of storing keys in a synced keychain also intrigues me. My password manager of choice is synchronized between devices, and I generally don’t worry about it because.
- Database is locally encrypted with a pass phrase. I’m not getting those back if I forget how to unlock the password manager.
- Local storage is typically an encrypted file system, and typically on a system where applications aren’t allowed to access each other’s files without permission.
- Synchronization is to remote storage that should be encrypted at rest and transferred over the wire at least as secure as HTTPS/TLS.
- Accessing that account requires 2-factor authentication, or an emergency code that is difficult to obtain over network.