GitHub has released an interesting piece of Mac software called Soft U2F: https://githubengineering.com/soft-u2f/
It's basically a virtual security key, and it stores its secret in the macOS keyring. When you login to a website with 2FA, instead of using a physical USB security key, you just click an "approve" button that pops up. Their blog about it says: "Authenticators are normally USB devices that communicate over the HID protocol. By emulating a HID device, Soft U2F is able to communicate with your U2F-enabled browser, and by extension, any websites implementing U2F." As it stands, U2F is a pain in Qubes because you have to deal with USB passthrough, and exposing your VMs to sys-usb. How hard would it be to build a Qubes version of Soft U2F that stores the secret in a separate VM, similar to split gpg? This could make using U2F much more usable and secure inside of Qubes, I think. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to firstname.lastname@example.org. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/518a8fa7-05f3-f1ea-247a-bff614acbdc6%40micahflee.com. For more options, visit https://groups.google.com/d/optout.