#passkey

These are public posts tagged with #passkey. You can interact with them if you have an account anywhere in the fediverse.

[ENC]BladeXP

Hat jemand Erfahrung wie lange man z.B. #yubikey als #passkey Verschnitt wo lagern kann?

Oder leiden die unter Flash typischen Alzheimer wenn man die zu lange lagert?

Apr 13, 2025, 14:40 · · 1 · 0
David Nelson

Occasionally Google prompts me to create a passkey immediately after I signed in with one. I cancel and move on. No big deal, but it seems quite obtuse. They know I have multiple registered and that I just used one of them. #Fido2 #Passkey #Passkey #Google #GoogleWorkspace

Apr 12, 2025, 23:42 · · · 0 · 0
El Minuto

FÜr alle, die es noch nicht wissen, aber interessiert:
#ct3003 veröffentlicht die neuen Videos jetzt auch auf #peertube
#makertube #ct #ITmagazin #IT
Themen bisher: #KI #PassKey #UnplugTrump
Schaut doch mal rein, damit sie auch weiter im Fediverse veröffentlichen.
makertube.net/c/ct_3003_und_he

c't 3003 und heise

A home for makers, musicians, artists and DIY folks

MakerTube
Apr 04, 2025, 19:38 · · 0 · 0
TechHelpKB.com 📚

A passkey is a secure, easy-to-use replacement for passwords. It uses your device's built-in security (Face ID, fingerprint, PIN, etc.) to log you into a website or service, without requiring you to remember or type anything.

#passkey #password #security
techspot.com/article/2971-pass

Mar 31, 2025, 16:40 · · 0 · 0
Karl Voit :emacs: :orgmode:

@yacc143 FYI: #Passkeys and #FIDO2 (= "device-bound #passkey" which can be divided into "platform-" and "roaming-authenticators") are identical except the #cloud-sync mechanism (as of my current understanding).

So unfortunately, they get mixed up or are considered as totally different things. Both is wrong.

In reality, they are very similar except that FIDO2 hardware tokens ("device-bound passkeys" only in their "roaming-authenticator" variant) are designed that way, that Passkeys are not being able to extracted from the device (at least for the moment).

Therefore, users of HW tokens can't be tricked into transferring their passkey to a rogue third party, which is possible with all other Passkey variants. Therefore: passkeys are NOT #phishing-resistant in the general case.

#security #authentication #2FA

Mar 26, 2025, 14:58 · · 0 · 0
Karl Voit :emacs: :orgmode:

#TroyHunt fell for a #phishing attack on his mailinglist members: troyhunt.com/a-sneaky-phish-ju

Some of the ingredients: #Outlook and its habit of hiding important information from the user and missing #2FA which is phishing-resistant.

Use #FIDO2 with hardware tokens if possible (#Passkeys without FIDO2 HW tokens are NOT phishing-resistant due to the possibility of being able to trick users with credential transfers: arxiv.org/abs/2501.07380) and avoid Outlook (or #Microsoft) whenever possible.

Further learning: it could happen to the best of us! Don't be ashamed, try to minimize risks and be open about your mistakes.

Note: any 2FA is better than no 2FA at all.

#email #malware #security #OTP #TOTP #Passkey #haveibeenpwned #Ihavebeenpwned

A Sneaky Phish Just Grabbed my Mailchimp Mailing List

You know when you're really jet lagged and really tired…

Troy Hunt
Mar 26, 2025, 10:33 · · · 2 · 0
Samuel Lison

@techlore proton pass is good in that your data on proton pass is fully #encrypted. So if you use a hardware based #passkey such as a #yubikey to secure the main account, and have all your other accounts within use software based passkeys and 2FA, wouldn't be as much of a risk even if Proton Pass got breached as a service.

Mar 22, 2025, 22:03 · · 0 · 0
Karl Voit :emacs: :orgmode:

@technotenshi #Passkeys are not prone to #phishing according to my understanding of:
arxiv.org/abs/2501.07380

The paper describes that it's possible to fool Passkey owners to transfer their #Passkey to attackers: "Another concern could be social engineering, where a user is tricked into sharing a passkey with an account controlled by an attacker."

However, the authors disagree with my interpretation.

The only really secure method is hardware #FIDO2 tokens where the secrets can't leave the device.

Device-Bound vs. Synced Credentials: A Comparative Evaluation of Passkey Authentication

With passkeys, the FIDO Alliance introduces the ability…

arXiv.org
Mar 20, 2025, 18:02 · · 1 · 0
ALT43 :microblog:

La gente de Zen Browser anuncia el soporte de Passkey para la próxima actualización
#ZenBrowser #passkey #firefox

Mar 16, 2025, 09:39 · · 0 · 0
WebMontag Kiel

#Passkey: Hat jemand Lust, im Juli beim WebMontag etwas über Passkeys zu erzählen?

Mar 07, 2025, 08:09 · · 0 · 0
ઉશ્કેરાયેલી-અદાલત-૬૫૧

@itsfoss Good so far.

On a side note it should have added passkey support at level,shouldn't it?
#ubuntu #opensource #foss #passkey

Mar 01, 2025, 18:33 · · 1 · 0
Laure

#help #geek mais pas #libre

Certains services en ligne passent maintenant par une #passkey pour s'authentifier. (typiquement les GoogleBidules, mais pas que et ce n'est que le début askyp')

Mon gestionnaire de mots de passe (bitwarden) ne peut enregistrer qu'une clé par couple identifiant - mot de passe sur un service.

Mais on dirait ?? les passkey sont liées aux appareils, et donc mon accès à Bidules OK sur 1 seul PC,
sur mon autre ordi ça marche pas, et je vois pas comment faire... ?

Feb 24, 2025, 19:24 · · 0 · 0

Resources

Developers

What is Mastodon?

qoto.org

More…

v3.5.19-qoto · Privacy policy