Mr.Kidney<p>Nabend liebe Gemeinde,<br>kennt sich hier jemand mit Passky aus (das kein Schreibfehler, das heißt so)? Kann man dem Passwortmanager vertrauen, ist die Softwarefirma in Ordnung?</p><p><a href="https://norden.social/tags/passwort" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwort</span></a> <a href="https://norden.social/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> <a href="https://norden.social/tags/passky" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passky</span></a> <a href="https://norden.social/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkey</span></a> <a href="https://norden.social/tags/passwortmanager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwortmanager</span></a> <a href="https://norden.social/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://norden.social/tags/windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>windows</span></a> <a href="https://norden.social/tags/pc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pc</span></a> <a href="https://norden.social/tags/computer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>computer</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
mathstodon.xyz is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Mastodon instance for maths people. We have LaTeX rendering in the web interface!
Administered by:
Server stats:
2.8Kactive users
mathstodon.xyz: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#passkey
4 posts · 4 participants · 0 posts today
drs1969 (David Smith) 🇬🇧<p>I HATE this wretched <a href="https://mstdn.social/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkey</span></a> nonsense. Every browser, OS, Website is trying to get me to create the things with NO explanation of how they work or what consequences are AND when I'm actually in the middle of signing in using a password manager. </p><p>As near I can tell, I've just had Windows, Chrome and maybe Amazon all have go. </p><p>And talk about anti patterns! Major sign in changes are NOT what you try to force on people in the middle of login task completion. What's WRONG with you? <br><a href="https://mstdn.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p>
dreiwert<p><span class="h-card" translate="no"><a href="https://wetdry.world/@memes" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>memes</span></a></span> If your private key locked inside a hardware <a href="https://digitalcourage.social/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkey</span></a>, don't despair. You can send it by snail mail to have us check.</p>
iX Magazin<p>iX-Workshop: Passwortlose Authentifizierung mit Passkeys, FIDO, SSO und mehr </p><p>Wie man FIDO2 und SSO in Webdienste integriert: Konzepte, Protokolle und Best Practices für eine sichere Authentifizierung mit und ohne Passwort.</p><p><a href="https://www.heise.de/news/iX-Workshop-Passwortlose-Authentifizierung-mit-Passkeys-FIDO-SSO-und-mehr-10344327.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/iX-Workshop-Pass</span><span class="invisible">wortlose-Authentifizierung-mit-Passkeys-FIDO-SSO-und-mehr-10344327.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/IdentityManagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IdentityManagement</span></a> <a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IT</span></a> <a href="https://social.heise.de/tags/iXWorkshops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iXWorkshops</span></a> <a href="https://social.heise.de/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkey</span></a> <a href="https://social.heise.de/tags/Verschl%C3%BCsselung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Verschlüsselung</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a></p>
[ENC]BladeXP<p>Hat jemand Erfahrung wie lange man z.B. <a href="https://chaos.social/tags/yubikey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>yubikey</span></a> als <a href="https://chaos.social/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkey</span></a> Verschnitt wo lagern kann?</p><p>Oder leiden die unter Flash typischen Alzheimer wenn man die zu lange lagert?</p>
0xKaishakunin<p>Finally! 7 Factor Authentication! </p><p><a href="https://mastodon.social/tags/mfa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mfa</span></a> <a href="https://mastodon.social/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkey</span></a> <a href="https://mastodon.social/tags/iam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iam</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
0xKaishakunin<p><span class="h-card" translate="no"><a href="https://chaos.social/@leah" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>leah</span></a></span> TBF die 5er Serie hatte insgesamt 6 Firmware Upgrade und unterstützt inzwischen auch SCP03, SCP11, YubiHSM Auth und der Speicher für Passkeys und OATH credentials ist gewachsen. </p><p>Die Security Keys sind günstiger, unterstützen aber nur <a href="https://mastodon.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FIDO2</span></a> <a href="https://mastodon.social/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkey</span></a></p><p><a href="https://docs.yubico.com/hardware/yubikey/yk-tech-manual/yk5-overview.html#firmware-capability-matrices" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">docs.yubico.com/hardware/yubik</span><span class="invisible">ey/yk-tech-manual/yk5-overview.html#firmware-capability-matrices</span></a></p>
El Minuto<p>FÜr alle, die es noch nicht wissen, aber interessiert:<br><a href="https://metalhead.club/tags/ct3003" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ct3003</span></a> veröffentlicht die neuen Videos jetzt auch auf <a href="https://metalhead.club/tags/peertube" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>peertube</span></a><br><a href="https://metalhead.club/tags/makertube" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>makertube</span></a> <a href="https://metalhead.club/tags/ct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ct</span></a> <a href="https://metalhead.club/tags/ITmagazin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITmagazin</span></a> <a href="https://metalhead.club/tags/IT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IT</span></a> <br>Themen bisher: <a href="https://metalhead.club/tags/KI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KI</span></a> <a href="https://metalhead.club/tags/PassKey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PassKey</span></a> <a href="https://metalhead.club/tags/UnplugTrump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UnplugTrump</span></a><br>Schaut doch mal rein, damit sie auch weiter im Fediverse veröffentlichen.<br><a href="https://makertube.net/c/ct_3003_und_heise/videos" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">makertube.net/c/ct_3003_und_he</span><span class="invisible">ise/videos</span></a></p>
mindsConnected<p><a href="https://mastodon.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> is killing off passwords completely, in favour of passkeys. I think this will alienate a lot of people... thoughts? <a href="https://mindsconnected.tech/index.php?showtopic=1079&view=getnewpost" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mindsconnected.tech/index.php?</span><span class="invisible">showtopic=1079&view=getnewpost</span></a> <a href="https://mastodon.social/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.social/tags/windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>windows</span></a> <a href="https://mastodon.social/tags/windows10" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>windows10</span></a> <a href="https://mastodon.social/tags/windows11" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>windows11</span></a> <a href="https://mastodon.social/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkey</span></a> <a href="https://mastodon.social/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a></p>
CEOTECH.IT<p>Google Password Manager: gestire le passkey sarà più facile<br><a href="https://mastodon.social/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> <a href="https://mastodon.social/tags/APKTeardown" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>APKTeardown</span></a> <a href="https://mastodon.social/tags/App" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>App</span></a> <a href="https://mastodon.social/tags/Autenticazione" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Autenticazione</span></a> <a href="https://mastodon.social/tags/GestioneAccessi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GestioneAccessi</span></a> <a href="https://mastodon.social/tags/GestorePassword" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GestorePassword</span></a> <a href="https://mastodon.social/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://mastodon.social/tags/GooglePasswordManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GooglePasswordManager</span></a> <a href="https://mastodon.social/tags/Notizie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Notizie</span></a> <a href="https://mastodon.social/tags/Novit%C3%A0" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Novità</span></a> <a href="https://mastodon.social/tags/PassKey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PassKey</span></a> <a href="https://mastodon.social/tags/PasswordManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasswordManager</span></a> <a href="https://mastodon.social/tags/Sicurezza" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sicurezza</span></a> <a href="https://mastodon.social/tags/TechNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechNews</span></a> <a href="https://mastodon.social/tags/Tecnologia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tecnologia</span></a> </p><p><a href="https://www.ceotech.it/google-password-manager-gestire-le-passkey-sara-piu-facile/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">ceotech.it/google-password-man</span><span class="invisible">ager-gestire-le-passkey-sara-piu-facile/</span></a></p>
Matt Cengia<p>I'd love if there was a website like <a href="https://www.passkeys.io/who-supports-passkeys" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">passkeys.io/who-supports-passk</span><span class="invisible">eys</span></a> which showed which websites also support *non-resident* <a href="https://aus.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FIDO2</span></a> authentication as opposed to resident <a href="https://aus.social/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkey</span></a>. Let's reward sites that have that support!</p>
c't Magazin<p>c't 3003: Das Problem mit Passkeys</p><p>Passkeys sind sicherer als Passwörter, aber Apple, Google & Co. schränken die Nutzung ein. c't 3003 zeigt, wie man sie plattformübergreifend einsetzen kann.</p><p><a href="https://www.heise.de/news/c-t-3003-Das-Problem-mit-Passkeys-10332792.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/c-t-3003-Das-Pro</span><span class="invisible">blem-mit-Passkeys-10332792.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/ct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ct</span></a> <a href="https://social.heise.de/tags/Entertainment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Entertainment</span></a> <a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IT</span></a> <a href="https://social.heise.de/tags/Mobiles" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mobiles</span></a> <a href="https://social.heise.de/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkey</span></a> <a href="https://social.heise.de/tags/Passw%C3%B6rter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passwörter</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/Wissen" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Wissen</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a></p>
Karl Voit :emacs: :orgmode:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@yacc143" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>yacc143</span></a></span> FYI: <a href="https://graz.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a> and <a href="https://graz.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FIDO2</span></a> (= "device-bound <a href="https://graz.social/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkey</span></a>" which can be divided into "platform-" and "roaming-authenticators") are identical except the <a href="https://graz.social/tags/cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloud</span></a>-sync mechanism (as of my current understanding).</p><p>So unfortunately, they get mixed up or are considered as totally different things. Both is wrong.</p><p>In reality, they are very similar except that FIDO2 hardware tokens ("device-bound passkeys" only in their "roaming-authenticator" variant) are designed that way, that Passkeys are not being able to extracted from the device (at least for the moment).</p><p>Therefore, users of HW tokens can't be tricked into transferring their passkey to a rogue third party, which is possible with all other Passkey variants. Therefore: passkeys are NOT <a href="https://graz.social/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a>-resistant in the general case.</p><p><a href="https://graz.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://graz.social/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://graz.social/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2FA</span></a></p>
Karl Voit :emacs: :orgmode:<p><a href="https://graz.social/tags/TroyHunt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TroyHunt</span></a> fell for a <a href="https://graz.social/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> attack on his mailinglist members: <a href="https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">troyhunt.com/a-sneaky-phish-ju</span><span class="invisible">st-grabbed-my-mailchimp-mailing-list/</span></a></p><p>Some of the ingredients: <a href="https://graz.social/tags/Outlook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Outlook</span></a> and its habit of hiding important information from the user and missing <a href="https://graz.social/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2FA</span></a> which is phishing-resistant.</p><p>Use <a href="https://graz.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FIDO2</span></a> with hardware tokens if possible (<a href="https://graz.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a> without FIDO2 HW tokens are NOT phishing-resistant due to the possibility of being able to trick users with credential transfers: <a href="https://arxiv.org/abs/2501.07380" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">arxiv.org/abs/2501.07380</span><span class="invisible"></span></a>) and avoid Outlook (or <a href="https://graz.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a>) whenever possible.</p><p>Further learning: it could happen to the best of us! Don't be ashamed, try to minimize risks and be open about your mistakes.</p><p>Note: any 2FA is better than no 2FA at all.</p><p><a href="https://graz.social/tags/email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>email</span></a> <a href="https://graz.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> <a href="https://graz.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://graz.social/tags/OTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTP</span></a> <a href="https://graz.social/tags/TOTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TOTP</span></a> <a href="https://graz.social/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkey</span></a> <a href="https://graz.social/tags/haveibeenpwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>haveibeenpwned</span></a> <a href="https://graz.social/tags/Ihavebeenpwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ihavebeenpwned</span></a></p>
Samuel Lison<p><span class="h-card" translate="no"><a href="https://social.lol/@techlore" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>techlore</span></a></span> proton pass is good in that your data on proton pass is fully <a href="https://social.familylison.com/tags/encrypted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encrypted</span></a>. So if you use a hardware based <a href="https://social.familylison.com/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkey</span></a> such as a <a href="https://social.familylison.com/tags/yubikey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>yubikey</span></a> to secure the main account, and have all your other accounts within use software based passkeys and 2FA, wouldn't be as much of a risk even if Proton Pass got breached as a service.</p>
Paul Giulan<p>To buy or not to buy <a href="https://federate.social/tags/Proton" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Proton</span></a> Pass lifetime deal for $199?</p><p><a href="https://federate.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://federate.social/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encryption</span></a> <a href="https://federate.social/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> <a href="https://federate.social/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> <a href="https://federate.social/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkey</span></a> <a href="https://federate.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkeys</span></a> <a href="https://federate.social/tags/app" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>app</span></a> <a href="https://federate.social/tags/apps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>apps</span></a> <a href="https://federate.social/tags/extension" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>extension</span></a> <a href="https://federate.social/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://federate.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://federate.social/tags/DarkWeb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DarkWeb</span></a> <a href="https://federate.social/tags/boost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>boost</span></a></p>
tim<p>Ubiquiti added <a href="https://infosec.exchange/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkey</span></a> support, is properly naming them, and using the provider icons 😍</p>
Karl Voit :emacs: :orgmode:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@technotenshi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>technotenshi</span></a></span> <a href="https://graz.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a> are not prone to <a href="https://graz.social/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> according to my understanding of:<br><a href="https://arxiv.org/abs/2501.07380" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">arxiv.org/abs/2501.07380</span><span class="invisible"></span></a></p><p>The paper describes that it's possible to fool Passkey owners to transfer their <a href="https://graz.social/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkey</span></a> to attackers: "Another concern could be social engineering, where a user is tricked into sharing a passkey with an account controlled by an attacker."</p><p>However, the authors disagree with my interpretation.</p><p>The only really secure method is hardware <a href="https://graz.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FIDO2</span></a> tokens where the secrets can't leave the device.</p>
Alejandro Baez<p>I been a fan of <a href="https://fosstodon.org/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkey</span></a> for a while. But getting all things to it has been a game of either I implement or good luck. 🫠</p><p>Enter <a href="https://fosstodon.org/tags/pocketid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pocketid</span></a>. <a href="https://fosstodon.org/tags/OIDC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OIDC</span></a> using passkey all the way. Definitely have a few local things to convert now to it. 😎</p><p><a href="https://github.com/pocket-id/pocket-id" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/pocket-id/pocket-id</span><span class="invisible"></span></a></p>
ALT43 :microblog:<p>La gente de Zen Browser anuncia el soporte de Passkey para la próxima actualización<br><a href="https://mastodon.social/tags/ZenBrowser" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ZenBrowser</span></a> <a href="https://mastodon.social/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkey</span></a> <a href="https://mastodon.social/tags/firefox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firefox</span></a></p>
SearchLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload