#passkeys

LemonLDAP::NG
🍋 LemonLDAP::NG 2.21 is out!
📃 This new release includes improvements on OpenID Connect and CAS protocols, Loki logger, public notifications and much more.
🔗 Read our release notes: https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-0-is-out/
@ow2 @worteks_com
#IAM #SSO #CAS #SAML #OpenIDConnect #OW2 #lemonldap #lemonldapng #Passkeys #Passwordless #WebAuthn #FIDO2 #Loki #WebSSO #OpenSource #FreeSoftware #LogicielLibre #Perl

Cyrille Besson 🇨🇭
Hey techos 👋
Is it worth switching to passkeys?
#tech #privacy #security #password #passkeys

ksp1968
@publicvoit @keno3003
I have 2 FIDO2 hardware tokens and I am thrilled with them. Well suited for the average user. Very easy to use. It's a pity that not many more providers make use of them.
For comparison: I failed with TOTP. It is more laborious, and if you don't really know how it works, you can easily lock yourself out (don't forget to save the backup key immediately during setup).
#fido2 #token #passkeys #security

Karl Voit :emacs: :orgmode:
@keno3003 (2/2) The only protection against this is to use physical #FIDO2 tokens ("device-bound passkeys" only in the "roaming-authenticator" variant!), which rule out reading the secret as a matter of principle. So this is the only truly phishing-resistant authentication method.
IMO, the tips at the end of the video should therefore read differently *with a focus on security*:
- ideally get 2 #FIDO2 HW tokens and use them for all #Passkeys (for #IDAustria in Austria: https://www.oesterreich.gv.at/dam/jcr:972a25a0-65e6-4c2e-9422-a2e02ce16f2d/20230613_ID-Austria_FIDO.pdf)
- do not use phishing-prone fallback mechanisms: so only the 2nd FIDO2 token
- any 2FA is better than none
- never send passwords to the cloud (cloud password managers)
HTH 🙇
#security #Sicherheit #Authentifizierungsmethoden

Karl Voit :emacs: :orgmode:
@keno3003 re "Das Problem mit Passkeys" https://www.youtube.com/watch?v=u7Ti-Jc-b3A&pp=ygUYZGFzIHByb2JsZW0gYmVpIHBhc3NrZXlz
Sorry, but it is unfortunately not true that #Passkeys are always absolutely resistant to #Phishing.
https://arxiv.org/abs/2501.07380
"Another concern could be social engineering, where a user is tricked into sharing a passkey with an account controlled by an attacker."
In my interpretation, transferring passkeys to other people therefore clearly enables phishing methods. They may not have shown up in practice yet, but they can by no means be ruled out.
(1/2)

Matt Cengia
I was surprised last night to see that the latest Yubikeys support 100 #Passkeys, as opposed to the previous limit of 32, but it still doesn't feel like the best solution.

Silke Meyer
Speaking of #Passkeys: in its latest video, c't 3003 looked into the topic of synchronizing the key material. The options offered by vendor clouds or your own password managers are shown briefly. In terms of user experience, however, cross-device use of passkeys does not get such a good grade yet...
https://youtube.com/watch?v=u7Ti-Jc-b3A
#2fa #mfa

Silke Meyer
The other day at #clt2025 I recommended the talk about #Passkeys, which you can use for #2fa or, with some providers, also as the sole authentication method. You can also watch the talk afterwards. Link and materials are here: https://chemnitzer.linux-tage.de/2025/de/programm/beitrag/188
#mfa #login #sso #webauthn

techUpdate.io
New Microsoft sign-in: prettier, smarter, more secure
https://techupdate.io/microsoft/neue-microsoft-anmeldung-schoener-schlauer-sicherer/50240/
#technews #microsoft #windows #cybersicherheit #passkeys #fluentdesign #onlinesicherheit #digitalnews #microsoftkonto

Karl Voit :emacs: :orgmode:
@yacc143 FYI: #Passkeys and #FIDO2 (= "device-bound #passkey" which can be divided into "platform-" and "roaming-authenticators") are identical except for the #cloud-sync mechanism (according to my current understanding).
So unfortunately, they get mixed up or are considered totally different things. Both are wrong.
In reality, they are very similar, except that FIDO2 hardware tokens ("device-bound passkeys" only in their "roaming-authenticator" variant) are designed in such a way that passkeys cannot be extracted from the device (at least for the moment).
Therefore, users of HW tokens can't be tricked into transferring their passkey to a rogue third party, which is possible with all other Passkey variants. Therefore: passkeys are NOT #phishing-resistant in the general case.
#security #authentication #2FA

Karl Voit :emacs: :orgmode:
#TroyHunt fell for a #phishing attack on his mailing list members: https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/
Some of the ingredients: #Outlook and its habit of hiding important information from the user and missing #2FA which is phishing-resistant.
Use #FIDO2 with hardware tokens if possible (#Passkeys without FIDO2 HW tokens are NOT phishing-resistant due to the possibility of being able to trick users with credential transfers: https://arxiv.org/abs/2501.07380) and avoid Outlook (or #Microsoft) whenever possible.
Further learning: it could happen to the best of us! Don't be ashamed, try to minimize risks and be open about your mistakes.
Note: any 2FA is better than no 2FA at all.
#email #malware #security #OTP #TOTP #Passkey #haveibeenpwned #Ihavebeenpwned

Will Martin
New blog post! A casual explainer on password managers and passkeys.
Goal: have something I can share with friends & family when they ask what I do.
Would love feedback, Fediverse 🙏
https://willmartian.com/posts/passwords-managers-passkeys-oh-my/
#passwords #passkeys #Bitwarden

techUpdate.io
Cloudflare study: almost every second login uses stolen passwords
https://techupdate.io/sicherheit/cloudflare-studie-fast-jeder-zweite-login-erfolgt-mit-gestohlenen-passwoertern/50231/
#technews #cybersecurity #datenschutz #hacking #itsecurity #passwortsicherheit #cloudflare #bots #wordpress #passkeys #itnews

Pixelcode 🇺🇦
Honestly, I don't really get the point of NFC-enabled FIDO2 tokens / hardware #Passkeys: Obviously, their NFC support is meant for phones, but to actually use the key, your phone's operating system must support #FIDO2 in the first place.
Instead of connecting your #NFC token, you could just as well use your phone's internal FIDO2 storage (usually biometrically secured). NFC is not even useful for ungoogled devices, as #MicroG also has internal FIDO2 support (which I use all the time).

Silke Meyer
For everyone dealing with MFA, the talk on passkeys by Stefan Schumacher today at 14:00 is very interesting! The link to the stream can be found in the announcement.
https://chemnitzer.linux-tage.de/2025/de/programm/beitrag/188
#clt2025
#mfa #2fa #passkeys
#keycloak

Geekland
Passkey or using two-step authentication: these are the differences #seguridad #passkeys #2fa https://www.redeszone.net/noticias/seguridad/passkey-vs-autenticacion-dos-pasos/

Karl Voit :emacs: :orgmode:
@technotenshi #Passkeys are not prone to #phishing according to my understanding of:
https://arxiv.org/abs/2501.07380
The paper describes that it's possible to fool Passkey owners into transferring their #Passkey to attackers: "Another concern could be social engineering, where a user is tricked into sharing a passkey with an account controlled by an attacker."
However, the authors disagree with my interpretation.
The only really secure method is hardware #FIDO2 tokens where the secrets can't leave the device.

𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕
«PassKey Account Takeover in All Mobile Browsers: Phishing PassKeys credentials using browser intents»
I hope this is not confirmed, and if so, does @passkeysdev or one of you know?
🔑 https://mastersplinter.work/research/passkey/
#passkey #phishing #itsec #browser #passkeys #account #dev #webdev #takeover #askfedi #CVE_2024_9956 #CVE20249956 #pleaseboost #plsboost

Gonçalo Valério
"CVE-2024-9956 - PassKey Account Takeover in All Mobile Browsers"
https://mastersplinter.work/research/passkey/
#security #authentication #passkeys

TechnoTenshi :verified_trans: :Fire_Lesbian:
A vulnerability (CVE-2024-9956) in major mobile browsers allowed attackers within Bluetooth range to phish PassKeys credentials using FIDO:/ intents, enabling account takeovers. The flaw has been patched by browser vendors.
https://mastersplinter.work/research/passkey/
#CyberSecurity #PassKeys #Phishing