handmade.social

0 posts0 participants0 posts today

Karl Voit :emacs: :orgmode:<a href="https://graz.social/tags/TroyHunt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TroyHunt</a> fell for a <a href="https://graz.social/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> attack on his mailinglist members: <a href="https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/</a>Some of the ingredients: <a href="https://graz.social/tags/Outlook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Outlook</a> and its habit of hiding important information from the user and missing <a href="https://graz.social/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#2FA</a> which is phishing-resistant.Use <a href="https://graz.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FIDO2</a> with hardware tokens if possible (<a href="https://graz.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkeys</a> without FIDO2 HW tokens are NOT phishing-resistant due to the possibility of being able to trick users with credential transfers: <a href="https://arxiv.org/abs/2501.07380" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arxiv.org/abs/2501.07380</a>) and avoid Outlook (or <a href="https://graz.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a>) whenever possible.Further learning: it could happen to the best of us! Don't be ashamed, try to minimize risks and be open about your mistakes.Note: any 2FA is better than no 2FA at all.<a href="https://graz.social/tags/email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#email</a> <a href="https://graz.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://graz.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://graz.social/tags/OTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTP</a> <a href="https://graz.social/tags/TOTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TOTP</a> <a href="https://graz.social/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkey</a> <a href="https://graz.social/tags/haveibeenpwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#haveibeenpwned</a> <a href="https://graz.social/tags/Ihavebeenpwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ihavebeenpwned</a>

Erik van StratenPasskey/password bug: iOS 18.3.1Ook in iOS versie 18.3.1 is de eerder door mij gemelde iCloud KeyChain (*) kwetsbaarheid nog niet gerepareerd (eerder schreef ik hierover, Engelstalig: <a href="https://infosec.exchange/@ErikvanStraten/113821443334366419" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113821443334366419</a>).(*) Tegenwoordig is dat de app genaamd "Wachtwoorden" (of "Passwords").De kwetsbaarheid bestaat indien:• De eigenaar een "passcode" (pincode of wachtwoord) gebruikt om de iPhone of iPad te ontgrendelen - en er GÉÉN biometrie is geconfigureerd;ofwel:• De gebruiker wel biometrie kan gebruiken om het scherm te ontgrendelen, doch in 'Instellingen' > 'Touch ID en toegangscode' de instelling "Autom. invullen wachtw." is UITgezet.Zie onderstaande screenshots (Engelstalig in <a href="https://infosec.exchange/@ErikvanStraten/113821443334366419" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113821443334366419</a>). Meer info ziet u door op "Alt" in de plaatjes te drukken.Probleem: iedereen met toegang tot de ontgrendelde iPhone of iPad kan dan, *zonder* opnieuw lokaal te hoeven authenticeren:1) Op elke website inloggen waarvan het user-ID en wachtwoord in iCloud Keychain zijn opgeslagen;2) Met passkeys op enkele specifieke websites inloggen (waaronder <a href="https://account.apple.com" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://account.apple.com</a> en <a href="https://icloud.com" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://icloud.com</a>), namelijk als volgt:a) Open de website; b) Druk op "Inloggen"; c) Druk op de "x" rechts bovenaan de pop-up die verschijnt (in de onderste schermhelft); d) Druk kort in het veld waar om het e-mailadres gevraagd wordt; e) Druk op de knop "gebruik passkey".Risico: uitlenen van een unlocked iDevice (o.a. aan kinderen) maar ook diefstal nadat de passcode is afgekeken. Of als de dief geen passcode heeft, als deze wacht tot de eerstvolgende iOS/iPadOS kwetsbaarheid bekend wordt waarbij de schermontgrendeling omzeild kan worden.Als u ze nog niet gezien heeft, bekijk in elk geval de eerste van de volgende twee video's van Joanna Stern (van de Wall Street Journal): <a href="https://youtube.com/watch?v=QUYODQB_2wQ" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://youtube.com/watch?v=QUYODQB_2wQ</a> <a href="https://youtube.com/watch?v=tCfb9Wizq9Q" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://youtube.com/watch?v=tCfb9Wizq9Q</a><a href="https://infosec.exchange/tags/TouchID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TouchID</a> <a href="https://infosec.exchange/tags/FaceID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FaceID</a> <a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkeys</a> <a href="https://infosec.exchange/tags/iCloudKeychain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iCloudKeychain</a> <a href="https://infosec.exchange/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passwords</a> <a href="https://infosec.exchange/tags/PadswordsApp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PadswordsApp</a> <a href="https://infosec.exchange/tags/Wachtwoorden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Wachtwoorden</a> <a href="https://infosec.exchange/tags/WachtwoordenApp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WachtwoordenApp</a> <a href="https://infosec.exchange/tags/Biometrie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Biometrie</a> <a href="https://infosec.exchange/tags/Passcode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passcode</a> <a href="https://infosec.exchange/tags/iOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iOS</a> <a href="https://infosec.exchange/tags/iPadOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iPadOS</a> <a href="https://infosec.exchange/tags/iPhone" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iPhone</a> <a href="https://infosec.exchange/tags/iPad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iPad</a> <a href="https://infosec.exchange/tags/iDevice" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#iDevice</a> <a href="https://infosec.exchange/tags/ScreenLock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ScreenLock</a> <a href="https://infosec.exchange/tags/ScreenUnlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ScreenUnlock</a> <a href="https://infosec.exchange/tags/SchermVergrendeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SchermVergrendeling</a> <a href="https://infosec.exchange/tags/SchermOntgrendeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SchermOntgrendeling</a> <a href="https://infosec.exchange/tags/SchermOntgrendelCode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SchermOntgrendelCode</a> <a href="https://infosec.exchange/tags/PINcode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PINcode</a> <a href="https://infosec.exchange/tags/Kwetsbaarheid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Kwetsbaarheid</a> <a href="https://infosec.exchange/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Vulnerability</a> <a href="https://infosec.exchange/tags/OngeautoriseerdeToegang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OngeautoriseerdeToegang</a> <a href="https://infosec.exchange/tags/IdentiteitsFraude" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IdentiteitsFraude</a> <a href="https://infosec.exchange/tags/Inloggen" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Inloggen</a> <a href="https://infosec.exchange/tags/Stern" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Stern</a> <a href="https://infosec.exchange/tags/JoannaStern" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JoannaStern</a> <a href="https://infosec.exchange/tags/WSJ" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WSJ</a>

Erik van StratenPasskey advice (ncsc.gov.uk)From <a href="https://www.ncsc.gov.uk/blog-post/passkeys-not-perfect-getting-better" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.ncsc.gov.uk/blog-post/passkeys-not-perfect-getting-better</a> (highly condensed by me): ❝ What then are the remaining problems with passkeys? 🔸 Inconsistent support and experiences 🔸 Device loss scenarios 🔸 Migration issues 🔸 Account recovery processes 🔸 Platform differences 🔸 Implementation complexity 🔸 Inconsistent use 🔸 Uncertainty around multi-factor status ❞🔹 I recently wrote about a number of Android an iOS/iPadOS vulnerabilities (including account lock-out risks) in <a href="https://infosec.exchange/@ErikvanStraten/113820358011090612" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113820358011090612</a> and a couple of follow-up toots.🔹 People wanting to know the basics of passkeys can read a somewhat acceptable translation from Dutch to English of my writeup "Passkeys for laymen", which can be seen by opening <a href="https://www-security-nl.translate.goog/posting/798699/Passkeys+voor+leken?_x_tr_sl=nl&_x_tr_tl=en&_x_tr_hl=nl" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www-security-nl.translate.goog/posting/798699/Passkeys+voor+leken?_x_tr_sl=nl&_x_tr_tl=en&_x_tr_hl=nl</a> (which seems to work in Chrome). The original article, in Dutch, can be seen in <a href="https://www.security.nl/posting/798699/Passkeys+voor+leken" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.security.nl/posting/798699/Passkeys+voor+leken</a>.🔹 A good source of (unbiased!) info is also Dan Goodin's article in <a href="https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/</a>.🔹 Finally: the problem with passwords starts with a 'p': it's PEOPLE. Use a password manager as I describe in <a href="https://infosec.exchange/@ErikvanStraten/113022180851761038" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113022180851761038</a> (with Android screenshot: <a href="https://infosec.exchange/@ErikvanStraten/113549056619471557" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113549056619471557</a>).<a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkeys</a> <a href="https://infosec.exchange/tags/WebAuthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WebAuthn</a> <a href="https://infosec.exchange/tags/FIDO2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FIDO2</a> <a href="https://infosec.exchange/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passwords</a>

tuban_muzuru<a href="https://ohai.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkeys</a> <a href="https://infosec.exchange/@dangoodin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@dangoodin</a> has a great article up on Ars T just now;<a href="https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/</a>

timLooks like Micro Center has added support for <a href="https://infosec.exchange/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkeys</a>!

paulmwatsonOh I didn't realise people think <a href="https://tilde.zone/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkeys</a> are the same as two factor authentication. They can be, they can be your second factor, but if your passkey just replaces your password (first factor) then you really should add a second factor too. <a href="https://tilde.zone/tags/2fa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#2fa</a>

Passkeys Developer 🔑🧑‍💻Chrome 133* is the first <a href="https://fosstodon.org/tags/WebAuthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WebAuthn</a> client to be all green!<a href="https://featuredetect.passkeys.dev" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://featuredetect.passkeys.dev</a><a href="https://fosstodon.org/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkeys</a>(*with some flags enabled)

Dom Kirby<a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkeys</a> in Authenticator are now generally available, so now is a good time to strategize rolling out phishing-resistant authentication/FIDO2 more broadly! <a href="https://domkirby.com/blog/entra-passkey-rollout/?utm_source=mastodon&utm_medium=social&utm_campaign=fedica-Dom-Main-Pipeline" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://domkirby.com/blog/entra-passkey-rollout/?utm_source=mastodon&utm_medium=social&utm_campaign=fedica-Dom-Main-Pipeline</a>

Matthew Miller :donor:It took nearly three weeks of refactor and getting more comfortable with how Deno works, but I'm happy to announce that SimpleWebAuthn v12.0.0 is now also available to install from JSR 🎉 <a href="https://jsr.io/@simplewebauthn" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://jsr.io/@simplewebauthn</a>Check out the CHANGELOG for more info:<a href="https://github.com/MasterKale/SimpleWebAuthn/releases/tag/v12.0.0" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/MasterKale/SimpleWebAuthn/releases/tag/v12.0.0</a><a href="https://infosec.exchange/tags/webauthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#webauthn</a> <a href="https://infosec.exchange/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkeys</a> <a href="https://infosec.exchange/tags/typescript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#typescript</a> <a href="https://infosec.exchange/tags/deno" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#deno</a> <a href="https://infosec.exchange/tags/jsr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#jsr</a>

Lukas BeranPasskeys are now generally available in Microsoft Authenticator!I have updated my blog post about Microsoft Entra ID passkeys in Microsoft Authenticator to reflect the current state and configuration options. More updates in January 2025 🙏 <a href="https://www.cswrld.com/2024/11/how-to-enable-microsoft-authenticator-passkeys-in-entra-id/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.cswrld.com/2024/11/how-to-enable-microsoft-authenticator-passkeys-in-entra-id/</a><a href="https://infosec.exchange/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkeys</a> <a href="https://infosec.exchange/tags/entraid" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#entraid</a> <a href="https://infosec.exchange/tags/cswrld" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cswrld</a> <a href="https://infosec.exchange/tags/microsoftauthenticator" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#microsoftauthenticator</a>

Matthew Miller :donor:Sweet, Windows 11 Preview Build 22635.4515 is out on Beta Channel with the new Windows Hello passkey provider APIs! 🎉 <a href="https://blogs.windows.com/windows-insider/2024/11/22/announcing-windows-11-insider-preview-build-22635-4515-beta-channel/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://blogs.windows.com/windows-insider/2024/11/22/announcing-windows-11-insider-preview-build-22635-4515-beta-channel/</a><a href="https://infosec.exchange/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkeys</a> <a href="https://infosec.exchange/tags/webauthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#webauthn</a> <a href="https://infosec.exchange/tags/windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#windows</a>

Kal Feher<a href="https://infosec.exchange/tags/aws" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#aws</a> <a href="https://infosec.exchange/tags/reinvent" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#reinvent</a> Amazon <a href="https://infosec.exchange/tags/cognito" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cognito</a> has discovered <a href="https://infosec.exchange/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkeys</a>. Which is good. But you need to switch to the significantly more expensive new cognito tiers to use it. Sure you can stay on the older pricing, but AWS has pretty much decided you'll get no more features.Naturally the feature updates are split between eleventy billion notes.Main update is below. Also check the pricing page.<a href="https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-cognito-passwordless-authentication-low-friction-secure-logins" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://aws.amazon.com/about-aws/whats-new/2024/11/amazon-cognito-passwordless-authentication-low-friction-secure-logins</a>

timNo support for <a href="https://infosec.exchange/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkeys</a>, but I can set up an "anti-phishing code" 🤦🏻

Fabian BaderDevice-bound <a href="https://infosec.exchange/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkeys</a> in <a href="https://infosec.exchange/tags/EntraID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EntraID</a> are finally GA <a href="https://aka.ms/Ignite2024/entra" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://aka.ms/Ignite2024/entra</a><a href="https://infosec.exchange/tags/AiTM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AiTM</a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://infosec.exchange/tags/FIDO2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FIDO2</a>

Dom Kirby<a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkeys</a> in Microsoft authenticator are finally in general availability! This will help organizations implement strong authentication at far less expense! <a href="https://domkirby.com/blog/passkeys-in-authenticator-are-generally-available/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://domkirby.com/blog/passkeys-in-authenticator-are-generally-available/</a>

tskWhat I love about the <a href="https://infosec.exchange/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkeys</a> debate is that it tricks IT charlatans – who say users can't pay attention to https domain names – into saying "yes, users are responsible for key management".Passkeys aren't so much a replacement for passwords (services can easily require high entropy pws, and browsers / pw mgrs can easily generate them). They're a replacement for PKI / https verification of who a user is connecting to when they login. Both https and passkeys are intended to thwart <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> Maybe passkeys are ultimately better, but their adoption also shows that the doctrine of user inattention/irresponsibility that all of today's infosec policies are built on is a falsehood.<a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passwords</a> <a href="https://infosec.exchange/tags/internet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#internet</a> <a href="https://infosec.exchange/tags/literacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#literacy</a> <a href="https://infosec.exchange/tags/https" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#https</a>

Ben TaskerThis pretty much expresses my frustration with <a href="https://mastodon.bentasker.co.uk/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkeys</a> - the _idea_ is sound, but the implementation is lacking and can often be confusing for users.I'm also mildly annoyed that they've made my Yubikey less convenient for 2FA on non-passkey sites because I now have to enter a pin rather than just tap it.<a href="https://www.theregister.com/2024/11/17/passkeys_passwords/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.theregister.com/2024/11/17/passkeys_passwords/</a>

Royce WilliamsNot sure when it changed, but each of my non-passkey security keys in my Google account now has a label that says "This key can only be used with a password".This is immediately followed by a "Learn more" link to <a href="https://support.google.com/titansecuritykey/answer/6103523" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://support.google.com/titansecuritykey/answer/6103523</a> ... but none of the tabs/views of that page ("Computer", "Android", "iPhone & iPad") makes any mention of passwords. 🤷There is still no apparent workflow to register new security keys without passkey creation.<a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkeys</a>

CharlieThe Good, the Bad, and the Ugly: Using WebAuthn and Passkeys – Cornelius Kölbel at <a href="https://social.veraciousnetwork.com/tags/OLFConference" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OLFConference</a><a href="https://video.veraciousnetwork.com/w/gg5GtYYk2fm8rnYkoscjap" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://video.veraciousnetwork.com/w/gg5GtYYk2fm8rnYkoscjap</a>Now (hopefully) in full 1080p, (unless this poor laptop catches on fire)<a href="https://social.veraciousnetwork.com/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linux</a> <a href="https://social.veraciousnetwork.com/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://social.veraciousnetwork.com/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkeys</a>

Pepijn Bruienne𝙰̶𝚑̶ ̶𝚢̶𝚎̶𝚜̶,̶ ̶𝚙̶𝚊̶𝚜̶𝚜̶𝚔̶𝚎̶𝚢̶𝚜̶Ah, yes! <a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkeys</a>! <a href="https://bird.makeup/users/fidoalliance/statuses/1857443912597524835" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://bird.makeup/users/fidoalliance/statuses/1857443912597524835</a>

Recent searches

Search options

Administered by:

Server stats:

#Passkeys