Authentication: verify the response
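def finish_authenticate(user, session, response):
    """Complete a U2F authentication by verifying the client's signed response.

    Args:
        user: the account being authenticated; must expose ``get_device()``.
        session: per-login state holding the challenge issued at the start of
            the ceremony (retrieved and consumed via ``session.pop``).
        response: the client's U2F authentication response (untrusted input).

    Returns:
        A status string: "Successfully authenticated" when the signature
        verifies and the device counter has advanced, otherwise
        "Authentication failed". The failure message is deliberately
        generic so the caller does not leak *why* verification failed.
    """
    # The challenge is single-use: popping it means a replayed response
    # cannot be verified a second time against the same challenge.
    challenge = session.pop(user, 'u2f_authenticate')
    if challenge is None:
        # No outstanding challenge for this user (expired, already consumed,
        # or the ceremony was never started) -- nothing to verify against.
        logging.warning('U2F authentication attempted without a pending challenge')
        return "Authentication failed"
    device = user.get_device()
    try:
        counter, touch_asserted = u2f.verify_authenticate(
            device.registration, challenge, response)
    except Exception as e:
        # Any verification error (bad signature, malformed response, missing
        # device registration) is reported to the caller generically; the
        # detail goes to the log so failures are not swallowed silently.
        logging.warning('U2F verification failed: %s', type(e).__name__)
        return "Authentication failed"
    if counter <= device.counter:
        # The signature counter must strictly increase on every assertion.
        # A stale or repeated value may indicate a cloned device or a
        # replayed response, so reject it and leave the stored counter alone.
        logging.warning('Suspicious device counter')
        return "Authentication failed"
    # Persist the new high-water mark before reporting success so a
    # subsequent replay of this same response is rejected by the check above.
    device.counter = counter
    device.save()
    return "Successfully authenticated"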