markstos, to linux
@markstos@urbanists.social

I tried setting up a #passkey with PayPal today. If all my devices were made by Apple, I'd be all set. But Windows and #Linux desktops are not supported, along with any browser not made by Apple or Google.

If every login involves Google or Apple being involved, I can't see how this is the "future of passwords". #security #CyberSecurity

And being able to use passkeys on some devices and browsers and not others just seems like a mess.

koehntopp, to passkeys

#passkey login really needs to be more consistent across applications. @bitwarden wants the master password after login with #Passkeys - what's the passkey for, then???
#PayPal asks for a TOTP after logging in with my passkey.

#SecurityTheatre

gnulinux, to passkeys German
@gnulinux@social.anoxinon.de

Passkeys

Passwords are considered insecure, which is why companies like Google, Microsoft and Apple want to push the passkey concept into the market. Is that the right way, or is it just marketing?

#FIDO #FIDO2 #Passwörter #Passkey #Passkeys #Login #Linux

https://gnulinux.ch/passkeys

marcel, to random German
@marcel@waldvogel.family

Here is an attempt at the #ThreadOfThreads idea: one 🧵 each in English and German for every one of my Fediverse threads.

To start, I'm posting the list of my #Top10 most-read articles. Enjoy the #FeiertagsLesen (holiday reading)!

🔟 Not really "Responsible Disclosure": the extra helping of spam over the holidays (2023-12)
Not even two days old and already making the #TopTen, wow!

Please do your disclosures differently. Thank you!
https://waldvogel.family/@marcel/111622567290149119
https://dnip.ch/2023/12/22/nicht-wirklich-responsible-disclosure-die-extraportion-spam-ueber-die-festtage/

marcel,
@marcel@waldvogel.family

4️⃣ Cloud undermines the security of two-factor authentication (2023-09)
Two-factor authentication is an important aspect of securing our online infrastructure and data. Unfortunately it requires a few extra steps and precautions, which is why many users don't have it enabled. is supposed to simplify that. But one shouldn't sync it so easily to supposedly new devices…

https://dnip.ch/2023/09/19/cloud-untergraebt-sicherheit-von-zwei-faktor-authentifizierung/

agektmr, (edited ) to webdev

Do you know what "discoverable credentials" are? They are a type of #passkey credentials and an important concept to understand if you are interested in integrating passkeys in your system. #webauthn #authentication #webdev
https://web.dev/articles/webauthn-discoverable-credentials

douginamug, to linux
@douginamug@mastodon.xyz

just got the #passkey demo on https://www.passkeys.io/ working on #linux

  • distro: pop OS ("Ubuntu")
  • browser: #firefox 120.0.1
  • security key: #yubikey 5 NFC

'just worked' after setting a #FIDO2 PIN via YubiKey Manager https://support.yubico.com/hc/en-us/articles/360016649039-Enabling-the-Yubico-PPA-on-Ubuntu#01H30DBXGX5RDD4AM7M815GAA3

hertg, to random

When implementing #WebAuthn on an Identity Provider's side, where exactly should one draw the line between #SecurityKey and #Passkey? I see that most platforms make a distinction between those. Can anyone link me to an article or blog post on this topic? If I were to implement security key and passkey support on a provider that does not yet support any WebAuthn, should I go down the same route?

My current assumption is that during passkey registration you'd set "residentKey = required" and "userVerification = required", whereas for a security key you'd set "residentKey = discouraged" and "userVerification = preferred".

Also, I'm assuming that a security key can also function as a form of #passwordless multi-factor authentication if UV was true during registration AND authentication. Obviously without the neat part of Passkeys where you don't have to manually enter the username.

#IAM #Authentication
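hertg's assumed option split above, together with agektmr's earlier pointer to discoverable credentials, as an added JavaScript example that is not code from either post: it builds the two registration option sets and applies a relying-party check of the UP/UV flags in the authenticatorData an authenticator returns. The rpId, user and challenge values, and the sample authenticatorData buffers, are constructed placeholders.

```javascript
// Added example, not code from any post on this page. Builds WebAuthn
// registration options for hertg's two authenticator kinds and checks the
// flags byte of a returned authenticatorData. All values are constructed.
function buildRegistrationOptions(kind, { rpId, userId, userName, challenge }) {
  // Passkeys (discoverable credentials) need a resident key and UV;
  // a plain security key is registered non-resident with UV preferred.
  const isPasskey = kind === "passkey";
  return {
    rp: { id: rpId, name: rpId },
    user: { id: userId, name: userName, displayName: userName },
    challenge,
    pubKeyCredParams: [{ type: "public-key", alg: -7 }, { type: "public-key", alg: -257 }],
    authenticatorSelection: {
      residentKey: isPasskey ? "required" : "discouraged",
      userVerification: isPasskey ? "required" : "preferred",
    },
    attestation: "none",
  };
}
// authenticatorData layout (WebAuthn): 32-byte rpIdHash, 1 flags byte,
// 4-byte signature counter, then optional attested credential data.
const FLAG_UP = 0x01, FLAG_UV = 0x04, FLAG_BE = 0x08, FLAG_BS = 0x10, FLAG_AT = 0x40;
function parseAuthDataFlags(authData) {
  if (authData.length < 37) throw new Error("authenticatorData too short");
  const flags = authData[32];
  return {
    userPresent: Boolean(flags & FLAG_UP),
    userVerified: Boolean(flags & FLAG_UV),
    backupEligible: Boolean(flags & FLAG_BE), // e.g. a synced (cloud) passkey
    backedUp: Boolean(flags & FLAG_BS),
    hasCredentialData: Boolean(flags & FLAG_AT),
  };
}

// Relying-party acceptance rule: if UV was "required", a response without
// the UV bit is rejected. UP together with UV is what lets a security key
// act as a passwordless second factor, as hertg notes.
function acceptsResponse(options, authData) {
  const f = parseAuthDataFlags(authData);
  if (!f.userPresent) return false;
  return options.authenticatorSelection.userVerification !== "required" || f.userVerified;
}
// Constructed sample buffer: zeroed rpIdHash, the given flags byte, counter 1.
function sampleAuthData(flags) {
  const buf = new Uint8Array(37);
  buf[32] = flags;
  buf[36] = 1;
  return buf;
}
```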

lexd0g, to random
@lexd0g@wetdry.world

holy fucking shit bitwarden finally got passkeys

kkarhan,

@lexd0g are an to me when & exist...

kkarhan,

@ljrk @lexd0g It's worse because brick a lot of workflows and systems as an addon-layer instead of fixing the core problem.
And the core problem is that , , and are just "Afterthoughts" at best for all but the most .

Using i.e. encryption and login on everything [and not as a "password replacement"] would be a way better fix.
Just like @torproject does a self-signing namespace on .

Again, not perfect but better than !

kkarhan,

@ljrk @lexd0g And yes, I know that #passwords are bad but besides #SSH & #PGP #Pubkeys there is no good way to authenticate that isn't like a #TOTP / #HOTP - like #2FA or some confirmation message...

#Passkey don't make people more #TechLiterate and actually learn how to use a #PasswordManager|s or exercise #SelfCustody of Keys...

Nor do they solve the problem that platforms / logins don't do basic behaviour-based protection against just spamming credentials or irregular patterns.

kkarhan,

@ljrk @lexd0g I think forcing people to learn actual encryption and tech would be better...

Whilst Passkeys can't be phished once established, the whole TOFU setup OR Key Custody issues still exist until it's setup.

And considering how hard it is to convince people to exercise proper ITsec and encrypt their shit see [#PGP/MIME on #eMail] I think forcing people to learn absolute basics will work far better.

Especially since a #Passkey can't protect against #SocialEngineering by #Scammers...

kkarhan,

@ljrk @lexd0g
And yes, I think that instead of Passkeys we should've yeeted SSL for PGP as this would've made login-bruteforcing like with #23AndMe more resource-costly, slower to do and more likely to get caught early on.

Would've #Passkey prevented that?

No, because the problem was that people used THE SAME LOGIN CREDENTIALS ACROSS SITES!!!

kkarhan,

@ljrk @lexd0g Think of me what you will, but to me |s are a hindrance because we failed to make mandatory the way we did it for cars...

https://todon.eu/@ljrk/111542058147169160

ljrk, to random
@ljrk@todon.eu

Can we just kill AI support bots for good?

... Bitte lassen Sie den Chat bis dahin offen. Schließen Sie einfach die App oder Ihren Browser. ...

Translated from German:

... Please keep the chat open. Simply close the application or the browser. ...

Looking at you #PayPal. Incidentally, has anyone with the supported configurations in their FAQ (e.g., macOS with Chrome/Safari) managed to actually add a #Passkey there?

unixtippse, to random German
@unixtippse@mastodon.online

Of all the "alternative" login methods, not even starting with 2FA, #Passkey is the one I like least. First, it merely moves good old public-key authentication from the transport layer to the application layer, and second, we now know very precisely how poorly even more skilled users are able to handle key material.

chris_hayes, to firefox
@chris_hayes@fosstodon.org

GitHub passkeys are now supported on Firefox+Ubuntu?
I thought built-in passkeys weren't supported yet on ubuntu, and firefox was waiting on ubuntu to implement.
#passkey #firefox

Edit: This may be related to something special 1Password is doing.

SirTapTap, to Nintendo
@SirTapTap@mastodon.social

yoooo you can use a #PassKey with #Nintendo accounts now!

I've never seen Nintendo ahead on online shit like this.

0x58, to Cybersecurity

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #46/2023 is out! It includes the following and much more:

➝ 🔓 🇯🇵 #Toyota confirms breach after Medusa #ransomware threatens to leak data
➝ 🇺🇸 😂 Ransomware gang files #SEC complaint over victim’s undisclosed #breach
➝ 🔓 🪶 Attackers claim Plume Design, Inc data breach
➝ 🇺🇸 💰 #ICBC paid ransom after hack that disrupted markets, #cybercriminals say
➝ 🔓 #Dragos Says No Evidence of Breach After Ransomware Gang Claims Hack via Third Party
➝ 🔓 ✈️ Hackers swipe Booking.com, damage from attack is global
➝ 🇷🇺 🇺🇦 Russian #CyberEspionage Group Deploys #LitterDrifter USB #Worm in Targeted Attacks
➝ 🇮🇱 🇺🇸 Israeli Man Who Made $5M From Hacking Scheme Sentenced to Prison in US
➝ 🇫🇮 ⚖️ Alleged Extortioner of Psychotherapy Patients Faces Trial
➝ 🇺🇸 💸 #LockBit ransomware exploits #CitrixBleed in attacks, 10K servers exposed
➝ 🇺🇸 ⚖️ #IPStorm botnet with 23,000 proxies for malicious traffic dismantled
➝ 👶🏻 🧨 Teens with “digital bazookas” are winning the ransomware war, researcher laments
➝ 💸 #Ethereum feature abused to steal $60 million from 99K victims
➝ 🇩🇰 🇷🇺 #Denmark Hit With Largest #Cyberattack on Record
➝ 🇨🇳 🇰🇭 Chinese Hackers Launch Covert #Espionage Attacks on 24 Cambodian Organizations
➝ 🇲🇾 Major Phishing-as-a-Service Syndicate '#BulletProofLink' Dismantled by Malaysian Authorities
➝ 🇪🇺 🥳 EU Parliament committee rejects mass scanning of private and encrypted communications
➝ 🩹 #ICS Patch Tuesday: 90 Vulnerabilities Addressed by Siemens and Schneider Electric
➝ 🦠 🐍 27 Malicious #PyPI Packages with Thousands of Downloads Found Targeting IT Experts
➝ 🇻🇳 🇮🇳 Vietnamese Hackers Using New #Delphi-Powered #Malware to Target Indian Marketers
➝ 🔐 #Google Adds #Passkey Support to New Titan Security Key
➝ 🐛 Zero-Day Flaw in #Zimbra Email Software Exploited by Four Hacker Groups
➝ 🩹 #SAP Patches Critical Vulnerability in Business One Product
➝ 🐛 New #Reptar CPU flaw impacts Intel desktop and server systems
➝ 🐛 New #CacheWarp AMD #CPU attack lets hackers gain root in Linux VMs

📚 This week's recommended reading is: "Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World" by @marcusjcarey and Jennifer Jin

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-week-462023

masek, to bitwarden German

My setup:

  • Primary storage is via with a local installation (both need to be version 23.10 at least)
  • Secondary storage is a 5 NFC which I carry with me. This one allows me to use the passkey on my iPhone (iPad not tested yet)
  • Tertiary storage is another (cheaper) Yubikey which is deposited in a safe at home

Both Yubikeys are protected by a PIN which my wife knows. That way I cannot lose access to my account and have taken precautions in case I become incapacitated.

But this setup requires quite some time for each web site to switch to passkeys. That's why I am so angry with companies like Paypal who make it practically unusable.

mattcen, (edited ) to random
@mattcen@aus.social

Oh look, another thing to take up a resident slot on my #Yubikey.
(#FIDO is a good choice, and when I read this headline I thought it was implying we'd need to give biometric ID directly to #MyGov, so I was pleasantly relieved, but... shakes fist at each #Passkey requiring a Resident key)
https://www.theguardian.com/australia-news/2023/nov/09/mygov-to-use-face-or-fingerprint-recognition-instead-of-passwords-in-bid-to-fight-scams

avoidthehack, to bitwarden

Bitwarden launches #passkey management

Finally! Xmas came early! Thanks @bitwarden for this rollout.

Bitwarden can now create, store, and manage passkeys.

So far, you can only generate passkeys using the #Bitwarden browser plugin. Support for mobile platforms (#ios and #android) is in the works.

#cybersecurity #security #infosec #passwordmanager #opensource

https://bitwarden.com/blog/bitwarden-launches-passkey-management/

bitwarden, to passkeys
@bitwarden@fosstodon.org

New! Manage #passkeys inside your Bitwarden vault! Use the latest in secure passwordless technologies with the Bitwarden browser extension. Learn more in this blog and by joining the webcast on Nov. 9: https://bitwarden.com/blog/bitwarden-launches-passkey-management/

#security #cybersecurity #passwordmanager #passkey

ingo_wichmann, to random German

A nice and unbiased introduction to what a #passkey is:
https://www.eff.org/deeplinks/2023/10/what-passkey
Thx to @eff

Theeo123, to bitwarden
@Theeo123@mastodon.social

https://www.androidpolice.com/bitwarden-adding-passkeys-support-browser-extension/

Bitwarden has started rolling out passkey support to its browser extensions as of version 2023.10.0

#Passkey #Password #Passwordless #Bitwarden #Privacy #Security #OpenSource #FOSS

maralorn, to random
@maralorn@chaos.social

Why, in the year 2021, can't I log in to every service I use via public-key auth? I am sure we can even do this in a way that every service sees another public key from me, so that they are uncorrelatable.

I am sure there are solutions in this direction. Can you point me to them?

maralorn,
@maralorn@chaos.social

@acowley What part do you mean? I assumed it's an open standard? #Bitwarden is open source and implements it. Every webpage can implement it, right? To be fair, the only service where I have successfully used passwordless login via #passkey so far is #GitHub.

Portability can of course be an issue if you save your passkeys in a proprietary cloud or device where you can’t get them out (but possibly even someone else could.)
