mindly.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mindly.Social is an English speaking, friendly Mastodon instance created for people who want to use their brains and their hearts to make social networking more social. 🧠💖


#authentication

Matthew Turland<p>If you had to explain <a href="https://phpc.social/tags/OAuth2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OAuth2</span></a> to a relatively new SWE who only had a bit of experience interacting with public APIs from a frontend UI, are there any specific beginner-friendly online resources you'd recommend to them?</p><p><a href="https://phpc.social/tags/OAuth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OAuth</span></a> <a href="https://phpc.social/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://phpc.social/tags/SoftwareEngineering" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SoftwareEngineering</span></a> <a href="https://phpc.social/tags/SoftwareDevelopment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SoftwareDevelopment</span></a> <a href="https://phpc.social/tags/Education" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Education</span></a></p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://blahaj.zone/@Fiona" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Fiona</span></a></span> : if you send anyone a bitmap (*) that "proves" you are you, they'll have a bitmap to prove they are you.</p><p>(*) Digital image</p><p>Such bitmaps USUALLY are saved longer than strictly necessary and OFTEN fall into the wrong hands.</p><p>Using the Rabobank app may help A BIT because people will be phished to visit fake websites anyway (example: <a href="https://www.virustotal.com/gui/domain/1.rabobank.onlineomgeving.web11376.web09.bero-webspace.de" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">virustotal.com/gui/domain/1.ra</span><span class="invisible">bobank.onlineomgeving.web11376.web09.bero-webspace.de</span></a>).</p><p>In Dutch: <a href="https://www.security.nl/posting/827137/Kopie-ID%3A+kap+ermee%21" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">security.nl/posting/827137/Kop</span><span class="invisible">ie-ID%3A+kap+ermee%21</span></a></p><p><a href="https://infosec.exchange/tags/GLWT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GLWT</span></a> <a href="https://infosec.exchange/tags/TechSolutionism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechSolutionism</span></a> <a href="https://infosec.exchange/tags/TechSolutionisme" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechSolutionisme</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Authenticatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticatie</span></a> <a href="https://infosec.exchange/tags/Impersonatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonatie</span></a></p>
Joche Ojeda<p>Visual Studio Sign-In Issues: A Simple Fix (Fixing visual studio sign in error Code: 3399680404 )</p><p><a href="https://www.jocheojeda.com/2025/03/06/visual-studio-sign-in-issues-a-simple-fix-fixing-visual-studio-sign-in-error-code-3399680404/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">jocheojeda.com/2025/03/06/visu</span><span class="invisible">al-studio-sign-in-issues-a-simple-fix-fixing-visual-studio-sign-in-error-code-3399680404/</span></a></p><p><a href="https://mastodon.social/tags/VisualStudio" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VisualStudio</span></a> <a href="https://mastodon.social/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://mastodon.social/tags/SignInIssues" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SignInIssues</span></a> <a href="https://mastodon.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://mastodon.social/tags/DeveloperTools" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DeveloperTools</span></a> <a href="https://mastodon.social/tags/Programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Programming</span></a> <a href="https://mastodon.social/tags/Troubleshooting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Troubleshooting</span></a> <a href="https://mastodon.social/tags/WindowsAuthenticationBroker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WindowsAuthenticationBroker</span></a> <a href="https://mastodon.social/tags/TechFix" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>TechFix</span></a> <a href="https://mastodon.social/tags/IDE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IDE</span></a> <a href="https://mastodon.social/tags/AccountProblems" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AccountProblems</span></a> <a href="https://mastodon.social/tags/SoftwareDevelopment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SoftwareDevelopment</span></a></p>
Felix Palmen :freebsd: :c64:<p>Ok HOW HARD CAN IT BE? 🤬 </p><p>Currently trying to allow the <a href="https://mastodon.bsd.cafe/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> machine I got from work (domain member, very much locked up, no local admin for me) in my private <a href="https://mastodon.bsd.cafe/tags/wifi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>wifi</span></a> network (using 802.11x <a href="https://mastodon.bsd.cafe/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> for <a href="https://mastodon.bsd.cafe/tags/WPA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WPA</span></a> with <a href="https://mastodon.bsd.cafe/tags/freeradius" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>freeradius</span></a> and <a href="https://mastodon.bsd.cafe/tags/PEAP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PEAP</span></a> using my own <a href="https://mastodon.bsd.cafe/tags/samba" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>samba</span></a> based AD).</p><p>I don't strictly *need* it, the machine connects to my open guest wifi (mapped to a VLAN with access *only* to the internet), but it would be really nice being able to also access my local services while working at home.</p><p>What I tried:</p><p>- Just login (PEAP/MSCHAPv2), obviously. After lots of fiddling and reading logs (freeradius as well as windows events), I found some docs suggesting Windows doesn't support that any more unless you fiddle with something in HKLM, so, no dice, need something else...<br>- Allow EAP-TLS as well and issue a client certificate for my user, install that on windows. 
Doesn't work, the machine insists on using the machine cert from the machine store.<br>- Create a client cert with the UPN of my user in my home network in SAN ... same issue<br>- Create a client cert with the UPN of my *work* user in SAN ...<br>- Ok screw that, get freeradius to accept that stupid machine certificate: Allow the internal CA of my workplace and *only* the CN of exactly the machine certificate.</p><p>Now, it still won't work and I really don't get it, seeing stuff like:</p><p>(13) eap_tls: (TLS) TLS - recv TLS 1.3 Handshake, ClientHello<br>(13) eap_tls: (TLS) TLS - send TLS 1.1 Alert, fatal protocol_version<br>(13) eap_tls: ERROR: (TLS) TLS - Alert write:fatal:protocol version<br>(13) eap_tls: ERROR: (TLS) TLS - Server : Error in SSLv3 read client hello B</p><p>It makes little sense and all fiddling with TLS options so far didn't make it work. For other clients using PEAP, it just works with both TLS1.2 and TLS1.3. WTF is going on here?</p>
damienbod<p>Blogged: Implement Phone verification, 2FA using ASP.NET Core Identity</p><p><a href="https://damienbod.com/2025/03/03/implement-phone-verification-2fa-using-asp-net-core-identity/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">damienbod.com/2025/03/03/imple</span><span class="invisible">ment-phone-verification-2fa-using-asp-net-core-identity/</span></a></p><p><a href="https://mastodon.social/tags/aspnetcore" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>aspnetcore</span></a> <a href="https://mastodon.social/tags/dotnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dotnet</span></a> <a href="https://mastodon.social/tags/identity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>identity</span></a> <a href="https://mastodon.social/tags/2fa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2fa</span></a> <a href="https://mastodon.social/tags/mfa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mfa</span></a> <a href="https://mastodon.social/tags/sms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sms</span></a> <a href="https://mastodon.social/tags/phone" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phone</span></a> <a href="https://mastodon.social/tags/iam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iam</span></a> <a href="https://mastodon.social/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a></p>
Hacker News<p>Torii – a framework agnostic authentication library for Rust — <a href="https://github.com/cmackenzie1/torii-rs" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/cmackenzie1/torii-rs</span><span class="invisible"></span></a><br><a href="https://mastodon.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HackerNews</span></a> <a href="https://mastodon.social/tags/Torii" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Torii</span></a> <a href="https://mastodon.social/tags/Rust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Rust</span></a> <a href="https://mastodon.social/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://mastodon.social/tags/Library" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Library</span></a> <a href="https://mastodon.social/tags/Framework" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Framework</span></a> <a href="https://mastodon.social/tags/Agnostic" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Agnostic</span></a> <a href="https://mastodon.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a></p>
julian<p>2FA codes sent over ActivityPub when?</p>
Inautilo<p><a href="https://mastodon.social/tags/Development" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Development</span></a> <a href="https://mastodon.social/tags/Findings" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Findings</span></a><br>How bad is a bad password really? · Let’s test it by setting up a ‘honeypot’ website <a href="https://ilo.im/162ire" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">ilo.im/162ire</span><span class="invisible"></span></a></p><p>_____<br><a href="https://mastodon.social/tags/Attacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Attacks</span></a> <a href="https://mastodon.social/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passwords</span></a> <a href="https://mastodon.social/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://mastodon.social/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> <a href="https://mastodon.social/tags/Website" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Website</span></a> <a href="https://mastodon.social/tags/WordPress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WordPress</span></a> <a href="https://mastodon.social/tags/WebDev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebDev</span></a> <a href="https://mastodon.social/tags/Backend" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Backend</span></a></p>
Honeybadger.io<p>New on the HB dev blog:</p><p>Learn how to implement passwordless authentication in your Django projects using email-based login, OAuth, or magic links with django-sesame.</p><p><a href="https://www.honeybadger.io/blog/options-for-passwordless-authentication-in-django/?utm_source=mastodon&amp;utm_medium=social" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">honeybadger.io/blog/options-fo</span><span class="invisible">r-passwordless-authentication-in-django/?utm_source=mastodon&amp;utm_medium=social</span></a> </p><p><a href="https://honeybadger.social/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a> <a href="https://honeybadger.social/tags/Django" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Django</span></a> <a href="https://honeybadger.social/tags/Programming" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Programming</span></a> <a href="https://honeybadger.social/tags/WebDev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebDev</span></a> <a href="https://honeybadger.social/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a></p>
Abstract Technology GmbH<p>🚀eduGAIN - The Global Academic Interfederation Service<br>Services providing resources to the research and education sector can leverage eduGAIN, a global infrastructure that connects over 78 Federations in more than 50 countries, enabling federated access to shared services.</p><p>👩‍💻As Europe's leading Open edX service partner, we integrate eduGAIN seamlessly into your LMS.&nbsp;<br>✉️&nbsp;info@abstract-technology.de</p><p><a href="https://mastodon.social/tags/OpenEdX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenEdX</span></a>&nbsp;<a href="https://mastodon.social/tags/eduGAIN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eduGAIN</span></a>&nbsp;<a href="https://mastodon.social/tags/SSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSO</span></a>&nbsp;<a href="https://mastodon.social/tags/eLearning" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eLearning</span></a>&nbsp;<a href="https://mastodon.social/tags/FederatedIdentity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FederatedIdentity</span></a>&nbsp;<a href="https://mastodon.social/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a>&nbsp;<a href="https://mastodon.social/tags/community" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>community</span></a>&nbsp;<a href="https://mastodon.social/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a>&nbsp;<a href="https://mastodon.social/tags/edTech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>edTech</span></a></p>
Moved to https://mk.absturztau.be/@Linux<p><span>Now, I need to find an alternative service to Ente Auth that does not require self-hosting and can be used over multiple devices simultaneously while remaining in sync (so not hardware specific). <br><br></span><a href="https://misskey.de/tags/Auth" rel="nofollow noopener noreferrer" target="_blank">#Auth</a> <a href="https://misskey.de/tags/Authentication" rel="nofollow noopener noreferrer" target="_blank">#Authentication</a> <a href="https://misskey.de/tags/2Step" rel="nofollow noopener noreferrer" target="_blank">#2Step</a> <a href="https://misskey.de/tags/Verification" rel="nofollow noopener noreferrer" target="_blank">#Verification</a> <a href="https://misskey.de/tags/Security" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://misskey.de/tags/InfoSec" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://misskey.de/tags/InformationSecurity" rel="nofollow noopener noreferrer" target="_blank">#InformationSecurity</a></p>
Georgiana Brummell<p>First, they shut down the Basic HTML site, forcing many of us to switch to clients such as Thunderbird. Now, they're using qr codes which are not only inaccessible to the blind but also to those who don't use smartphones! This is ridiculous! Yes, they do still have the option to click whether it's you trying to sign in or not (which still requires a smartphone and a carrier, which they claim to be concerned about), but how long before they remove that, too?</p><p><a href="https://www.pcmag.com/news/google-is-replacing-sms-codes-with-qr-codes-for-gmail-authentication" rel="nofollow noopener noreferrer" target="_blank">pcmag.com/news/google-is-repla…</a></p><p><a href="https://friendica.world/search?tag=accessibility" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>accessibility</span></a> <a href="https://friendica.world/search?tag=Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> <a href="https://friendica.world/search?tag=authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://friendica.world/search?tag=blind" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blind</span></a> <a href="https://friendica.world/search?tag=Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> <a href="https://friendica.world/search?tag=GMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GMail</span></a> <a href="https://friendica.world/search?tag=IOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IOS</span></a> <a href="https://friendica.world/search?tag=Narrator" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Narrator</span></a> <a href="https://friendica.world/search?tag=NVDA" class="mention 
hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NVDA</span></a> <a href="https://friendica.world/search?tag=sms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sms</span></a> <a href="https://friendica.world/search?tag=Talkback" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Talkback</span></a> <a href="https://friendica.world/search?tag=technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>technology</span></a> <a href="https://friendica.world/search?tag=Voiceover" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Voiceover</span></a> <a href="https://friendica.world/search?tag=Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a></p>
Erik van Straten<p>Biggest phishing-test in history</p><p>So some weirdo, possibly Elon Musk, instructs you to reply by mail informing him what you did last week.</p><p>😱 You will be fired if you do - for failing the phishing test. You should have known that it's a hoax because Elon Musk just fired all the people who could read all of those mails.</p><p>And you should have known that you should not share confidential information via email because you don't know for sure who the recipient is. Neither do you know who reads the mail "on its way" and neither does the recipient know that you are who you say that you are.</p><p>Finally, some mail ends up in spam boxes or gets dropped for frivolous reasons (Postel@RFC5321.whatever.tld)<br>(edited 17:23 UTC - corrected the RFC nr. 825 is not SMTP - sorry!)</p><p>😱 You will be fired if you don't.</p><p>It's a witch hunt. The Trump govt throws you in the water. You are not a witch if you drown.</p><p><a href="https://blogs.loc.gov/law/2022/02/swimming-a-witch-evidence-in-17th-century-english-witchcraft-trials/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blogs.loc.gov/law/2022/02/swim</span><span class="invisible">ming-a-witch-evidence-in-17th-century-english-witchcraft-trials/</span></a></p><p><a href="https://infosec.exchange/tags/Authenticity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticity</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a 
href="https://infosec.exchange/tags/PhishingTest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PhishingTest</span></a> <a href="https://infosec.exchange/tags/InternetSucks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InternetSucks</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p>
Aral Balkan<p>New Kitten release</p><p>• Fixes redirection from sign-in page when person is already authenticated.</p><p><a href="https://kitten.small-web.org" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">kitten.small-web.org</span><span class="invisible"></span></a></p><p>To learn more about how Kitten automatically implements authentication for your Small Web sites and apps using public-key cryptography (so even your own server doesn’t know your secret)¹, please see the Authentication tutorial:</p><p><a href="https://kitten.small-web.org/tutorials/authentication/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">kitten.small-web.org/tutorials</span><span class="invisible">/authentication/</span></a></p><p>Enjoy!</p><p>:kitten:💕</p><p>¹ The security (and privacy) of Domain/Kitten are based on a 32-byte cryptographically random secret string that only the person who owns/controls a domain knows.</p><p>This is basically a Base256-encoded ed25519 secret key where the Base256 alphabet is a set of curated emoji surrogate pairs without any special modifiers chosen mainly from the animals, plants, and food groups with some exceptions (to avoid common phobias or triggers, etc.) that we call KittenMoji.</p><p>…</p><p>When setting up a Small Web app via Domain, this key is generated in the person’s browser, on their own computer, and is never communicated to either the Domain instance or the Kitten app being installed. 
Instead the ed25519 public key is sent to both and signed token authentication is used when the server needs to verify the owner’s identity (e.g., before allowing access to the administration area).</p><p>The expected/encouraged behaviour is for the person to store this secret in their password manager of choice.</p><p>More: <a href="https://kitten.small-web.org/reference/#cryptographic-properties" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">kitten.small-web.org/reference</span><span class="invisible">/#cryptographic-properties</span></a></p><p><a href="https://mastodon.ar.al/tags/Kitten" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kitten</span></a> <a href="https://mastodon.ar.al/tags/SmallWeb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SmallWeb</span></a> <a href="https://mastodon.ar.al/tags/SmallTech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SmallTech</span></a> <a href="https://mastodon.ar.al/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://mastodon.ar.al/tags/publicKeyCryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>publicKeyCryptography</span></a> <a href="https://mastodon.ar.al/tags/web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>web</span></a> <a href="https://mastodon.ar.al/tags/dev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dev</span></a> <a href="https://mastodon.ar.al/tags/NodeJS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NodeJS</span></a> <a href="https://mastodon.ar.al/tags/JavaScript" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JavaScript</span></a> <a 
href="https://mastodon.ar.al/tags/HTML" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HTML</span></a> <a href="https://mastodon.ar.al/tags/CSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CSS</span></a></p>
Schneier on Security RSS<p>Device Code Phishing</p><p>This isn’t new, but it’s increasingly popular:<br>The technique is known as devic... <a href="https://www.schneier.com/blog/archives/2025/02/device-code-phishing.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">schneier.com/blog/archives/202</span><span class="invisible">5/02/device-code-phishing.html</span></a></p><p> <a href="https://burn.capital/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://burn.capital/tags/Uncategorized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Uncategorized</span></a> <a href="https://burn.capital/tags/authorization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authorization</span></a> <a href="https://burn.capital/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> <a href="https://burn.capital/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Russia</span></a></p>
Erik van Straten<p>Fsck the government: "Automating certificate management by the government on the basis of ACME makes obtaining, renewing and revoking TLS certificates more efficient and more reliable. This makes the digital government more trustworthy, more agile and less dependent on vendors", according to the experts. "In addition, the use of ACME reduces the administrative burden of managing TLS certificates."<br><a href="https://www.security.nl/posting/876900/ACME+voor+uitgifte+tls-certificaten+wordt+mogelijk+verplicht+voor+overheid" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">security.nl/posting/876900/ACM</span><span class="invisible">E+voor+uitgifte+tls-certificaten+wordt+mogelijk+verplicht+voor+overheid</span></a>.</p><p>At a time when citizens have to authenticate online with ever higher assurance (among other things for online age verification and soon with eIDs such as EDIW/EUDIW), and anonymous fake websites are springing up like mushrooms (*), this is an *INSANE* plan.</p><p>(*) With BigTech not putting the slightest obstacle in their way - on the contrary: complicity in cybercrime has become their business model.</p><p>The big risk here is AitM (Attacker in the Middle) attacks: unsuspecting people are sent, via a message or a Google search result, to a fake website that asks them to, for example, upload a scan of their passport and record a selfie video.</p><p>However, the fake website forwards both to a real website, such as a bank's, for example to take out a loan. The AitM withdraws that money, after which the victim is left with the debt.</p><p>An ESSENTIAL condition for reliable authentication is that you can trust the VERIFIER.</p><p>Whether that is the case, you never know for sure (not offline either). 
The best alternative is that you know *WHO* the verifier is, and how reliably their identity has been established. That is, without doubt, annoying and pricey for owners of websites where customers, citizens or patients carry out risky transactions and/or exchange confidential data with them - but hugely in the interest of visitors to such websites.</p><p>Reliable authentication of the (legally liable) owner of a website by means of a website certificate poses no *technical* problem whatsoever (we already *had* this, but it was demolished by Google with an excuse).</p><p>Free certificates, for example from Let's Encrypt (as used by the fake websites in the picture below), contain nothing but a completely anonymous domain name; so you have no idea who is responsible for the website.</p><p>For government websites in particular it is essential that you know it really is a government website - something that, for the domain names shown in the picture (I have replaced the dot with +), such as:</p><p>• afhandelen-belasting+com<br>• aflossen-belastingdienst+com</p><p>is definitely *not* the case.</p><p>And on the real <a href="https://www.ggn.nl/contact/phishing/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">ggn.nl/contact/phishing/</span><span class="invisible"></span></a> you can see examples of domain names of fake websites, like those also visible in the picture below.</p><p>Apparently nobody manages to take such criminal websites down, while the criminals *keep* obtaining Let's Encrypt certificates for them without any trouble - besides the fact that the domain names reeking of phishing are rented out without batting an eyelid and are never revoked. 
This is simply the FASTEST and CHEAPEST solution for website owners; the *VISITORS* of those websites bear all the risks.</p><p>The picture below is from a Russian server, but you will also find this kind of phishing website in abundance on servers rented by criminals from Google, Amazon, Microsoft, Digital Ocean, Cloudflare and smaller Western hosting companies.</p><p>Am I REALLY THE ONLY ONE who thinks this criminalized mess must be tackled hard?</p><p>See my detailed response in <a href="https://security.nl/posting/876914" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">security.nl/posting/876914</span><span class="invisible"></span></a> (starting with a simple explanation of what a website certificate is).</p><p>N.B. besides certificate issuers, browsers and the CA/B Forum also need an overhaul. If we do none of this, further digitalization will become a gigantic mess with ever more victims of identity fraud.</p><p><a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DVcerts</span></a> <a href="https://infosec.exchange/tags/ACME" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ACME</span></a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LetsEncrypt</span></a> <a href="https://infosec.exchange/tags/NepSites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NepSites</span></a> <a href="https://infosec.exchange/tags/NepWebSites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NepWebSites</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a 
href="https://infosec.exchange/tags/Spoofing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spoofing</span></a> <a href="https://infosec.exchange/tags/Scams" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Scams</span></a> <a href="https://infosec.exchange/tags/IdentiteitsFraude" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IdentiteitsFraude</span></a> <a href="https://infosec.exchange/tags/Authenticatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticatie</span></a> <a href="https://infosec.exchange/tags/Impersonatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonatie</span></a> <a href="https://infosec.exchange/tags/GoogleIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GoogleIsEvil</span></a> <a href="https://infosec.exchange/tags/BigTechIsEvil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BigTechIsEvil</span></a> <a href="https://infosec.exchange/tags/FakeWebSites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FakeWebSites</span></a> <a href="https://infosec.exchange/tags/AnoniemeWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AnoniemeWebsites</span></a> <a href="https://infosec.exchange/tags/AnonymousWebsites" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AnonymousWebsites</span></a> <a href="https://infosec.exchange/tags/OnlineAuthenticatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OnlineAuthenticatie</span></a> <a href="https://infosec.exchange/tags/LeeftijdVerificatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LeeftijdVerificatie</span></a> <a 
href="https://infosec.exchange/tags/OnlineLeeftijdVerificatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OnlineLeeftijdVerificatie</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://infosec.exchange/tags/Impersonation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Impersonation</span></a> <a href="https://infosec.exchange/tags/OnlineAuthentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OnlineAuthentication</span></a> <a href="https://infosec.exchange/tags/AgeVerification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AgeVerification</span></a> <a href="https://infosec.exchange/tags/OnlineAgeVerification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OnlineAgeVerification</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> <a href="https://infosec.exchange/tags/Evilginx2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Evilginx2</span></a></p>
Hush Line<p>🪳 We just fixed a bug in self-verifying URLs! Tip line owners, add a link with `rel="me"` and your Hush Line address on your website, then add that website URL to the extra fields on your Hush Line bio's extra fields. You'll receive a checkmark indicating you own or have control over the address listed, adding social proof to your profile, making it more trustworthy to people in your community!</p><p><a href="https://tips.hushline.app/register" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">tips.hushline.app/register</span><span class="invisible"></span></a></p><p><a href="https://mastodon.social/tags/whistleblower" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>whistleblower</span></a> <a href="https://mastodon.social/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://mastodon.social/tags/nonprofit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nonprofit</span></a> <a href="https://mastodon.social/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a></p>
The Uberduck<p>I'm looking at setting up a bunch of self hosted services to replace our (self, family, friends) dependence on corporate cloud stuff. Email (custom, since none of the Just Add Server offerings do everything I need for free), shared drive (likely nextcloud, ugh), docs (likely collabora), jitsi for video, discourse for group forums, and so on. </p><p>I'd like to make all of this SSO, to the extent that it reasonably can be. </p><p>I'm probably going to use FreeIPA as the identity source of truth, but I'm finding that there are enough new things I need to learn about centralized authentication that I'm having a hard time finding a starting point that doesn't require a bunch of other context. So I'm asking for help. </p><p>Does anyone know of a good guide to these sorts of concepts, preferably available online? I'm familiar with most of the other Linux sysadmin concepts and have plenty of hardware and bandwidth at my disposal.</p><p>If you don't have an answer but have followers who might, boosts would be appreciated.</p><p><a href="https://hachyderm.io/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosted</span></a> <a href="https://hachyderm.io/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosting</span></a> <a href="https://hachyderm.io/tags/SelfHostedApps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfHostedApps</span></a> <a href="https://hachyderm.io/tags/freeipa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>freeipa</span></a> <a href="https://hachyderm.io/tags/ldap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ldap</span></a> <a href="https://hachyderm.io/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a 
href="https://hachyderm.io/tags/keycloak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>keycloak</span></a> <a href="https://hachyderm.io/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a> <a href="https://hachyderm.io/tags/authelia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authelia</span></a> <a href="https://hachyderm.io/tags/kerberos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kerberos</span></a> <a href="https://hachyderm.io/tags/sysadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sysadmin</span></a> <a href="https://hachyderm.io/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a></p>
ax6761<p><a href="https://freeradical.zone/tags/PyPI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PyPI</span></a> Security: Past, Present &amp; Future, 20250216,<br>by Salvo "LtWorf" T,<br><a href="https://peertube.debian.social/w/bc988f30-b520-442b-ad3c-77a6f29fb904" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">peertube.debian.social/w/bc988</span><span class="invisible">f30-b520-442b-ad3c-77a6f29fb904</span></a><br>-- "py py" here, Salvo!</p><p><a href="https://freeradical.zone/tags/Python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Python</span></a> <a href="https://freeradical.zone/tags/Microsoft_corp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft_corp</span></a> <a href="https://freeradical.zone/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHub</span></a> <a href="https://freeradical.zone/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://freeradical.zone/tags/computerSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>computerSecurity</span></a></p>
Inautilo<p><a href="https://mastodon.social/tags/Development" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Development</span></a> <a href="https://mastodon.social/tags/Guides" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Guides</span></a><br>Hype or future of security? · Passwords suck a lot; can passkeys fix that? <a href="https://ilo.im/1627vc" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">ilo.im/1627vc</span><span class="invisible"></span></a></p><p>_____<br><a href="https://mastodon.social/tags/Device" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Device</span></a> <a href="https://mastodon.social/tags/Credentials" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Credentials</span></a> <a href="https://mastodon.social/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passwords</span></a> <a href="https://mastodon.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a> <a href="https://mastodon.social/tags/Authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentication</span></a> <a href="https://mastodon.social/tags/Cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cryptography</span></a> <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://mastodon.social/tags/WebDev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebDev</span></a> <a href="https://mastodon.social/tags/Frontend" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Frontend</span></a> <a 
href="https://mastodon.social/tags/Backend" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Backend</span></a></p>