Why Cloudflare’s CAPTCHA replacement with FIDO2/WebAuthn is a really bad idea

What is attestation?

What is CAPTCHA?

A CAPTCHA test is designed to determine if an online user is really a human and not a bot. CAPTCHA is an acronym that stands for “Completely Automated Public Turing test to tell Computers and Humans Apart.”

The idea is that a computer program such as a bot will be unable to interpret the distorted letters, while a human being, who is used to seeing and interpreting letters in all kinds of contexts — different fonts, different handwritings, etc. — will usually be able to identify them.

Source: https://www.cloudflare.com/learning/bots/how-captchas-work/

So why is FIDO attestation a bad idea as a replacement for CAPTCHA?

Yes, I know this is a $60 UNO, but trust me, you can do that with $5 Nano clones: https://twitter.com/agl__/status/1392876159591882755

FAQ
