And you could use hardware key auth.
Like the German eID, where the key is signed by the government and on a special chipcard.
The software requests the card to sign, you need to type in your PIN on the reader itself, and the request will be signed with RSA.
The public key is world-readable on the card, so you can just send that to the server.