techhub.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A hub primarily for passionate technologists, but everyone is welcome

#Passkeys

Marcel SIneM(S)US<p><a href="https://social.tchncs.de/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apple</span></a> :apple_inc: expands Passwords app support for Windows | Mac &amp; i <a href="https://www.heise.de/news/Apple-erweitert-Passwoerter-App-Unterstuetzung-fuer-Windows-10483159.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Apple-erweitert-</span><span class="invisible">Passwoerter-App-Unterstuetzung-fuer-Windows-10483159.html</span></a> <a href="https://social.tchncs.de/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://social.tchncs.de/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://social.tchncs.de/tags/Passwortmanager" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwortmanager</span></a> <a href="https://social.tchncs.de/tags/PasswordManager" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PasswordManager</span></a> <a href="https://social.tchncs.de/tags/Passkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passkey</span></a> <a href="https://social.tchncs.de/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passkeys</span></a></p>
Seth G.<p><span class="h-card" translate="no"><a href="https://mastodon.online/@cryptomator" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>cryptomator</span></a></span> Credential management was a particularly fun one to figure out: the best way to secure those.</p><p>I am using Proton Pass, since they have cloud-synced <a href="https://chaos.social/tags/passkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkey</span></a> support, but their export only supports .json. To make it easy, I import the .json into <span class="h-card" translate="no"><a href="https://fosstodon.org/@keepassxc" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>keepassxc</span></a></span> to make a <a href="https://chaos.social/tags/KeePass" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KeePass</span></a> vault, so even if the service goes down, I can still open my creds on desktop or <a href="https://chaos.social/tags/KeePassDX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KeePassDX</span></a>. KeePass vaults are also widely-supported for import into other cloud credential managers.</p><p><a href="https://chaos.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkeys</span></a></p>
Alex Jimenez<p>How <a href="https://mas.to/tags/PassKeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PassKeys</span></a> work: The complete guide to your inevitable passwordless future </p><p>Why are passkeys so much safer than passwords? And how exactly does this sorcery work? We go behind the scenes of this still-evolving authentication process.</p><p><a href="https://www.zdnet.com/article/how-passkeys-work-the-complete-guide-to-your-inevitable-passwordless-future/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">zdnet.com/article/how-passkeys</span><span class="invisible">-work-the-complete-guide-to-your-inevitable-passwordless-future/</span></a></p><p><a href="https://mas.to/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a></p>
Steve Dustcircle 🌹<p>How <a href="https://masto.ai/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkeys</span></a> work: Let's start the <a href="https://masto.ai/tags/passkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkey</span></a> registration process </p><p><a href="https://www.zdnet.com/article/how-passkeys-work-lets-start-the-passkey-registration-process/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">zdnet.com/article/how-passkeys</span><span class="invisible">-work-lets-start-the-passkey-registration-process/</span></a></p>
holzdiebimeinsatz<p>2 new tutorials on my site&nbsp;… Hooray :)</p><p>How and why should you use WhatsApp with a proxy?</p><p><a href="https://www.christiansblog.eu/tutorials/whatsappproxy/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">christiansblog.eu/tutorials/wh</span><span class="invisible">atsappproxy/</span></a></p><p>What are passkeys and how do they work?</p><p><a href="https://www.christiansblog.eu/tutorials/passkeys/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">christiansblog.eu/tutorials/pa</span><span class="invisible">sskeys/</span></a></p><p><a href="https://mastodon.social/tags/holzdiebimeinsatz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>holzdiebimeinsatz</span></a> <a href="https://mastodon.social/tags/tutorials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tutorials</span></a> <a href="https://mastodon.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passkeys</span></a> <a href="https://mastodon.social/tags/WhatsApp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WhatsApp</span></a> <a href="https://mastodon.social/tags/Anleitungen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Anleitungen</span></a></p>
Steve Dustcircle 🌹<p>How <a href="https://mastodon.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkeys</span></a> work: Your <a href="https://mastodon.social/tags/passwordless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwordless</span></a> journey begins here </p><p><a href="https://www.zdnet.com/article/how-passkeys-work-your-passwordless-journey-begins-here/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">zdnet.com/article/how-passkeys</span><span class="invisible">-work-your-passwordless-journey-begins-here/</span></a></p>
StanceOfMind<p>Microsoft has said that it's ending support for passwords in its Authenticator app starting August 1, 2025.</p><p><a href="https://thehackernews.com/2025/07/microsoft-removes-password-management.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">thehackernews.com/2025/07/micr</span><span class="invisible">osoft-removes-password-management.html</span></a> <a href="https://tech.lgbt/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://tech.lgbt/tags/Authenticator" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authenticator</span></a> <a href="https://tech.lgbt/tags/Passcodes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passcodes</span></a> <a href="https://tech.lgbt/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passkeys</span></a> <a href="https://tech.lgbt/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://tech.lgbt/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tech</span></a></p>
Stefan :veritrek:<p>This is great! Waiting for <a href="https://social.stefanberger.net/tags/strongbox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>strongbox</span></a> to adapt the new <a href="https://social.stefanberger.net/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkeys</span></a> APIs. <a href="https://hachyderm.io/@rmondello/114813337794341023" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hachyderm.io/@rmondello/114813</span><span class="invisible">337794341023</span></a></p>
Leonardo<p><a href="https://www.zdnet.com/article/how-passkeys-work-the-complete-guide-to-your-inevitable-passwordless-future/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">zdnet.com/article/how-passkeys</span><span class="invisible">-work-the-complete-guide-to-your-inevitable-passwordless-future/</span></a><br><a href="https://mastodon.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkeys</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a></p>
gtbarry<p>Microsoft Will Delete Your Passwords in One Month: Do This ASAP</p><p>Starting in August, Microsoft will require you to use passkeys instead of keeping all of your Microsoft passwords on its mobile app, and your old passwords will vanish. </p><p><a href="https://mastodon.social/tags/microsft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>microsft</span></a> <a href="https://mastodon.social/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://mastodon.social/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://mastodon.social/tags/authenticator" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authenticator</span></a> <a href="https://mastodon.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkeys</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p><p><a href="https://www.cnet.com/tech/microsoft-will-delete-your-passwords-in-one-month-do-this-asap/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cnet.com/tech/microsoft-will-d</span><span class="invisible">elete-your-passwords-in-one-month-do-this-asap/</span></a></p>
Cliff<p>Not really surprised to see this. </p><p>Microsoft Authenticator is ending support for passwords.</p><p><a href="https://www.theverge.com/news/695288/microsoft-authenticator-autofill-store-passwords" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theverge.com/news/695288/micro</span><span class="invisible">soft-authenticator-autofill-store-passwords</span></a></p><p><a href="https://infosec.exchange/tags/MS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MS</span></a> <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://infosec.exchange/tags/Authenticator" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authenticator</span></a> <a href="https://infosec.exchange/tags/Password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Password</span></a> <a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passkeys</span></a> <a href="https://infosec.exchange/tags/Apps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apps</span></a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>News</span></a> <a href="https://infosec.exchange/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tech</span></a> <a href="https://infosec.exchange/tags/TechNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechNews</span></a></p>
⁉️<p>For the first time today, I tried to save a Passkey to KeePassium. But I get an error message on iOS.</p><p><span class="h-card" translate="no"><a href="https://mastodon.social/@KeePassium" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>KeePassium</span></a></span><br><a href="https://mastodon.social/tags/KeePassium" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KeePassium</span></a> <a href="https://mastodon.social/tags/iOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iOS</span></a> <a href="https://mastodon.social/tags/Autofill" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Autofill</span></a> <a href="https://mastodon.social/tags/Passkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passkey</span></a> <a href="https://mastodon.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passkeys</span></a></p>
Winbuzzer<p>Microsoft Sunsets Password Autofill in Authenticator, Pushing Users to Edge</p><p><a href="https://mastodon.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> <a href="https://mastodon.social/tags/Authenticator" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authenticator</span></a> <a href="https://mastodon.social/tags/MicrosoftEdge" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MicrosoftEdge</span></a> <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.social/tags/Passwordless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwordless</span></a> <a href="https://mastodon.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passkeys</span></a></p><p><a href="https://winbuzzer.com/2025/07/04/microsoft-sunsets-password-autofill-in-authenticator-pushing-users-to-edge-xcxwbn/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">winbuzzer.com/2025/07/04/micro</span><span class="invisible">soft-sunsets-password-autofill-in-authenticator-pushing-users-to-edge-xcxwbn/</span></a></p>
Ian Brown 👨🏻‍💻<p>As requested from several directions, I tried to update my expert profile on the EU's experts website, since <span class="h-card" translate="no"><a href="https://social.ngi.eu/@ngi" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ngi</span></a></span> is looking for more reviewers. But as usual, the horror of the EC's own login system (WHY!) struck again (<a href="https://eupolicy.social/tags/ECAS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ECAS</span></a>).</p><p>WHY DOESN'T IT USE STANDARD WEB TECHNOLOGIES LIKE <a href="https://eupolicy.social/tags/PASSKEYS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PASSKEYS</span></a>!!</p><p>I STILL CAN'T ACTIVATE 2FA AND I HAVE THE EU LOGIN APP SET UP ON MY IPHONE!</p><p>GAAAAAAAAAAAAAH! 🤯</p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@relishthecracker" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>relishthecracker</span></a></span> : that's make-believe.</p><p>"Wow, asymmetric encryption, even quantum-computer-proof", "military-grade", etcetera.</p><p>Right after logging in using a passkey with an unbreakably protected private key, the website sends a session cookie (or similar) to the browser - which is NOT protected like private keys. If a website (like most of them) does not log you out if your IP-address changes, such a cookie is nearly as bad as a password. And fully if the cookie never expires.</p><p>Therefore:</p><p>1️⃣ Even if attackers cannot copy private keys: if the user device is sufficiently compromised (i.e. on Android, running an accessibility service), they can take over all of the user's accounts;</p><p>2️⃣ If the user's browser is compromised, attackers can copy session cookies and use them to obtain access to accounts the user logs in to;</p><p>3️⃣ An AitM (Attacker in the Middle) using a malicious website can copy/steal authentication cookies. 
Such AitM-attacks are possible in at least the following cases if either:</p><p>• A malicious third party website manages to obtain a fraudulently issued certificate (examples: <a href="https://infosec.exchange/@ErikvanStraten/112914050216821746" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.exchange/@ErikvanStrat</span><span class="invisible">en/112914050216821746</span></a>);</p><p>• An attacker obtains unauthorised write access to the website's DNS record;</p><p>• An attacker manages to obtain access to a server where a "dangling" (forgotten) subdomain name points to, *AND* the real authenticating server (RP) does not carefully check for allowed subdomains (see <a href="https://github.com/w3ctag/design-reviews/issues/97#issuecomment-175766580" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/w3ctag/design-revie</span><span class="invisible">ws/issues/97#issuecomment-175766580</span></a>);</p><p>4️⃣ The server is compromised or has a rogue admin: the attacker can add their passkey's public key to your account, or replace your public key with theirs (note that passkey pubkeys are not encapsulated by certificates issued by trusted issuers, stating who owns the public key).</p><p>Phishing using fake websites is probably the number one problem on the internet. 
*THE* major advantage of passkeys is that they make phishing attacks VERY HARD.</p><p>Indeed, if your device is sufficiently compromised, the risk of all of your passwords being stolen if you use a password manager is BIG.</p><p>However, as I wrote, if your device is sufficiently compromised, an attacker does not need access to your private keys in order to obtain access to your accounts.</p><p><span class="h-card" translate="no"><a href="https://sigmoid.social/@oliversampson" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>oliversampson</span></a></span> <span class="h-card" translate="no"><a href="https://cathode.church/@kaye" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>kaye</span></a></span> </p><p><a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passkeys</span></a> <a href="https://infosec.exchange/tags/PasswordManagers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PasswordManagers</span></a> <a href="https://infosec.exchange/tags/DomainNames" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DomainNames</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/Cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cryptography</span></a> <a href="https://infosec.exchange/tags/MilitaryGrade" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MilitaryGrade</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow 
noopener" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/FakeWebsites" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FakeWebsites</span></a> <a href="https://infosec.exchange/tags/ATO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ATO</span></a> <a href="https://infosec.exchange/tags/AccountTakeOver" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AccountTakeOver</span></a> <a href="https://infosec.exchange/tags/Passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwords</span></a> <a href="https://infosec.exchange/tags/SharedSecrets" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharedSecrets</span></a> <a href="https://infosec.exchange/tags/AsymmetricCryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AsymmetricCryptography</span></a> <a href="https://infosec.exchange/tags/SubDomains" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SubDomains</span></a> <a href="https://infosec.exchange/tags/DanglingSubDomains" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DanglingSubDomains</span></a></p>
Peter Steiner 🇨🇭🇺🇦(he/him)<p>Logging in again really ought to be quick and painless these days, since passkeys exist. Unfortunately that doesn't work with Onleihe 2.0: <a href="https://mastodon.green/@pesche/114784018802642590" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.green/@pesche/1147840</span><span class="invisible">18802642590</span></a></p><p>2/x</p><p><a href="https://mastodon.green/tags/onleihe2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>onleihe2</span></a> <a href="https://mastodon.green/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkeys</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://sigmoid.social/@oliversampson" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>oliversampson</span></a></span> <span class="h-card" translate="no"><a href="https://cathode.church/@kaye" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>kaye</span></a></span> </p><p>Primary passkeys advantage:<br>• With some uncommon exceptions, you cannot (be persuaded to) log in to a phishing website with a (slightly) different domain name *USING A PASSKEY* (see below) - because software (not you) checks the domain name.</p><p>Some passkeys disadvantages:<br>• Typically you yourself do not have access to each passkey's private key (*)(usually you can't back them up/export them). Risks: vendor lock-in and losing access to accounts.</p><p>• Because there's a risk of losing access to passkeys and thus to accounts, usually accounts can also be accessed using a rescue code - which renders them phishable again.</p><p>• Implementation errors (both Apple and Android suffered from them, and probably still do - I did not check today).</p><p>(*) For each new passkey, your device generates a unique complementary keypair. The public key is stored in your account on the server and is used to verify that your device has access to the complementary private key, which is kept secret. However, even if attackers do not have access to your private key(s), there are other ways for them to obtain access to your account(s).</p><p>A reasonable alternative to passkeys is using a password manager that "integrates" with the browser to verify the domain name of the site you're logging in to. 
Android and iOS "Autofill" provide such a bridge between password managers and browsers (without requiring browser plug-ins).</p><p><a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passkeys</span></a> <a href="https://infosec.exchange/tags/PasswordManagers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PasswordManagers</span></a> <a href="https://infosec.exchange/tags/DomainNames" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DomainNames</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MitM</span></a></p>
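The domain checks described in the two posts by Erik van Straten (software, not the user, compares the domain name; the RP must check which subdomains it allows), as an added Python sketch of the relying-party side that is not part of the original posts. `RP_ID`, `ALLOWED_ORIGINS`, the function names and the sample inputs are assumptions constructed for illustration; signature verification is a separate step not shown here.

```python
import base64
import hashlib
import hmac
import json

# Assumed relying-party configuration (hypothetical values for illustration).
RP_ID = "example.com"
# Exact origins that serve the login page. A suffix match on RP_ID would also
# accept a forgotten subdomain, so the allowlist is an explicit set.
ALLOWED_ORIGINS = frozenset({"https://example.com", "https://login.example.com"})

FLAG_USER_PRESENT = 0x01   # bit 0 of the authenticatorData flags byte
FLAG_USER_VERIFIED = 0x04  # bit 2 of the authenticatorData flags byte


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def check_assertion_binding(client_data_json, authenticator_data, expected_challenge):
    """Return the reasons to reject a WebAuthn assertion (empty list = pass).

    Covers only the domain and challenge binding; verifying the signature
    over authenticatorData || SHA-256(clientDataJSON) is a separate step.
    """
    client = json.loads(client_data_json)
    if not isinstance(client, dict):
        return ["clientDataJSON is not an object"]

    problems = []
    if client.get("type") != "webauthn.get":
        problems.append("wrong type")
    try:
        got = b64url_decode(client.get("challenge", ""))
    except (ValueError, TypeError):
        got = b""
    if not hmac.compare_digest(got, expected_challenge):
        problems.append("challenge mismatch")

    # The browser reports the origin it was actually on; compare it exactly.
    origin = client.get("origin")
    if not isinstance(origin, str) or origin not in ALLOWED_ORIGINS:
        problems.append("origin not allowlisted")

    # authenticatorData: rpIdHash (32 bytes) | flags (1) | signCount (4) | ...
    if len(authenticator_data) < 37:
        problems.append("authenticatorData too short")
        return problems
    rp_id_hash, flags = authenticator_data[:32], authenticator_data[32]
    if not hmac.compare_digest(rp_id_hash, hashlib.sha256(RP_ID.encode()).digest()):
        problems.append("rpIdHash mismatch")
    if not flags & FLAG_USER_PRESENT:
        problems.append("user not present")
    if not flags & FLAG_USER_VERIFIED:
        problems.append("user not verified")
    return problems


def build_sample(origin, rp_id, challenge, flags=FLAG_USER_PRESENT | FLAG_USER_VERIFIED):
    """Construct inputs shaped like a browser response (sample data, not captured)."""
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": b64url_encode(challenge),
        "origin": origin,
        "crossOrigin": False,
    }).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + (1).to_bytes(4, "big")
    return client_data, auth_data


if __name__ == "__main__":
    challenge = b"\x01" * 32  # constructed; a real RP issues a fresh random value per login
    cases = [
        ("allowlisted login origin", "https://login.example.com", "example.com"),
        ("forgotten subdomain, same RP ID", "https://old-promo.example.com", "example.com"),
        ("lookalike domain with its own RP ID", "https://examp1e.com", "examp1e.com"),
    ]
    for label, origin, rp_id in cases:
        cdj, ad = build_sample(origin, rp_id, challenge)
        print(label, "->", check_assertion_binding(cdj, ad, challenge) or "accepted")
```

The second case is the one the rpIdHash alone does not catch: the hash matches because the subdomain shares the RP ID, so only the exact-origin allowlist rejects it.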
Karl Voit :emacs: :orgmode:<p><span class="h-card" translate="no"><a href="https://social.bund.de/@bsi" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bsi</span></a></span> Nitpicking: with <a href="https://graz.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passkeys</span></a> in particular, it is possible to give other people access via the cloud. So with passkeys you have to pay close attention to whom you have granted rights here.</p><p>That is why passkeys are unfortunately also vulnerable to <a href="https://graz.social/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Phishing</span></a> in such cases (attacker pretends to be a friend).</p><p>But still better than almost all other authentication methods. 👍 Only HW tokens with <a href="https://graz.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIDO2</span></a> are better, since they store the private keys in a way that cannot be read out.</p>
Oliver Sampson<p><span class="h-card" translate="no"><a href="https://cathode.church/@kaye" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>kaye</span></a></span> I completely agree and instinctively refused using <a href="https://sigmoid.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkeys</span></a> without even thinking why.</p>
Karsten Schmidt<p><span class="h-card" translate="no"><a href="https://mastodon.gamedev.place/@jonikorpi" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jonikorpi</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.gamedev.place/@aeva" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>aeva</span></a></span> There are quite a few well documented usability and vendor/platform lock-in issues with <a href="https://mastodon.thi.ng/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkeys</span></a> though, some not immediately obvious to most users. I too still remain unconvinced they're an improvement over using a x-platform password manager...</p><p><a href="https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2024/</span><span class="invisible">12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/</span></a></p><p><a href="https://proton.me/blog/big-tech-passkey" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">proton.me/blog/big-tech-passke</span><span class="invisible">y</span></a></p>