FÜr alle, die es noch nicht wissen, aber interessiert:
#ct3003 veröffentlicht die neuen Videos jetzt auch auf #peertube
#makertube #ct #ITmagazin #IT
Themen bisher: #KI #PassKey #UnplugTrump
Schaut doch mal rein, damit sie auch weiter im Fediverse veröffentlichen.
https://makertube.net/c/ct_3003_und_heise/videos
#Microsoft is killing off passwords completely, in favour of passkeys. I think this will alienate a lot of people... thoughts? https://mindsconnected.tech/index.php?showtopic=1079&view=getnewpost #password #security #cybersecurity #windows #windows10 #windows11 #passkey #tech
I'd love if there was a website like https://www.passkeys.io/who-supports-passkeys which showed which websites also support *non-resident* #FIDO2 authentication as opposed to resident #Passkey. Let's reward sites that have that support!
A passkey is a secure, easy-to-use replacement for passwords. It uses your device's built-in security (Face ID, fingerprint, PIN, etc.) to log you into a website or service, without requiring you to remember or type anything.
#passkey #password #security
https://www.techspot.com/article/2971-passkeys-explainer/
c't 3003: Das Problem mit Passkeys
Passkeys sind sicherer als Passwörter, aber Apple, Google & Co. schränken die Nutzung ein. c't 3003 zeigt, wie man sie plattformübergreifend einsetzen kann.
@yacc143 FYI: #Passkeys and #FIDO2 (= "device-bound #passkey" which can be divided into "platform-" and "roaming-authenticators") are identical except the #cloud-sync mechanism (as of my current understanding).
So unfortunately, they get mixed up or are considered as totally different things. Both is wrong.
In reality, they are very similar except that FIDO2 hardware tokens ("device-bound passkeys" only in their "roaming-authenticator" variant) are designed that way, that Passkeys are not being able to extracted from the device (at least for the moment).
Therefore, users of HW tokens can't be tricked into transferring their passkey to a rogue third party, which is possible with all other Passkey variants. Therefore: passkeys are NOT #phishing-resistant in the general case.
#TroyHunt fell for a #phishing attack on his mailinglist members: https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/
Some of the ingredients: #Outlook and its habit of hiding important information from the user and missing #2FA which is phishing-resistant.
Use #FIDO2 with hardware tokens if possible (#Passkeys without FIDO2 HW tokens are NOT phishing-resistant due to the possibility of being able to trick users with credential transfers: https://arxiv.org/abs/2501.07380) and avoid Outlook (or #Microsoft) whenever possible.
Further learning: it could happen to the best of us! Don't be ashamed, try to minimize risks and be open about your mistakes.
Note: any 2FA is better than no 2FA at all.
@techlore proton pass is good in that your data on proton pass is fully #encrypted. So if you use a hardware based #passkey such as a #yubikey to secure the main account, and have all your other accounts within use software based passkeys and 2FA, wouldn't be as much of a risk even if Proton Pass got breached as a service.
To buy or not to buy #Proton Pass lifetime deal for $199?
Ubiquiti added #passkey support, is properly naming them, and using the provider icons 
@technotenshi #Passkeys are not prone to #phishing according to my understanding of:
https://arxiv.org/abs/2501.07380
The paper describes that it's possible to fool Passkey owners to transfer their #Passkey to attackers: "Another concern could be social engineering, where a user is tricked into sharing a passkey with an account controlled by an attacker."
However, the authors disagree with my interpretation.
The only really secure method is hardware #FIDO2 tokens where the secrets can't leave the device.
«PassKey Account Takeover in All Mobile Browsers: Phishing PassKeys credentials using browser intents»
I hope this is not confirmed and if so knows @passkeysdev or someone of you?
Some say passkeys are clunky — this startup wants to change that
https://techcrunch.com/2025/03/11/some-say-passkeys-are-clunky-this-startup-wants-to-change-that/
Eine der Nebenwirkungen meiner Chemotherapie: Meine Fingerabdrücke werden nicht mehr erkannt. Hintergrund: Die Haut an Händen und Füßen trocknet stark aus (trotz ständigem Eincremen), und die Haut löst sich teilweise ab.
Any #passkeys experts around here? My government’s IT service maintains that they are correct when they use the term “passkey” to mean “hardware security device” (YubiKey and stuff,) and that I’m wrong for (1) saying those have never been called “passkeys” before the real passkeys were introduced and (2) expecting passkey support to mean the software passkeys provided by Safari or 1Password. #passkey
@itsfoss Good so far.
On a side note it should have added passkey support at level,shouldn't it?
#ubuntu #opensource #foss #passkey
Gmail: Google sostituisce i codici SMS con i QR code per l’autenticazione
https://gomoot.com/gmail-google-sostituisce-i-codici-sms-con-i-qr-code-per-lautenticazione/
I really find it weird when I activate a #Passkey for a page and it completely removes the #2FA options.
Are Passkeys not supposed to be the better alternative to passwords? Why is it make my login less secure?
PayPal is especially confusing here. It states 2FA is enabled. But it's only asked for, when I log in with a password. If I use the Passkey it's skipped.
That's definitely more convenient but, in my opinion, way less secure. It makes me consider to opt-out of Passkeys altogether.
@chase_seibert True. I use #Passkey only with software like #bitwarden which allows to create encrypted #backups (including passkeys!) which can be downloaded and saved at a place under your own control.
🇺 
G◍M◍◍T 
