Cloudflare is starting a test to replace captchas with authentication keys. Users can then use Yubikeys, among other things, to authenticate themselves. ... Cloudflare wants to replace annoying captcha puzzles
Well... This was the reason they have chosen the picture in the past... Another step back in privacy, and everyone will accept it just to have less click to do. A massive population of lamb.
Maybe it's not a privacy problem when it's Cloudflare who knows? In Cloudflare's opinion. If a competitor knows, then it's a major privacy problem.
I'm sure Cloudflare considers itself perfectly safe. You can trust your personal info to them! However, never trust it to any of Cloudflare's competitors!
This is such a stupid idea. First of all, I don't think most people see these every 10 days. You typically only see them when submitting inquiries or creating new accounts, which most people do but not regularly. So, aside from maybe secretaries, nobody is going to want a trinket like this. Second, hardware keys have proven over and over again to be effortlessly spoofed. All you have to do is create an emulated device that provides the key. Then, share that key with bots (the very thing captchas are supposed to prevent) and then you defeat the security. Or... just give the server containing the bot the key. Anything you could do to mitigate this it would still effectively make a physical key moot. At this rate, they might as well just have users create an account that uses 2FA. It's more secure, it doesn't require a dongle that you're just going to lose, and it could even be used to automatically fill in information, thereby speeding up the process even more. But even 2FA is a bad idea for this, because in the context that Captchas are used, it can still be abused.
