Have you ever wondered how #loginmanagers work on #Linux? What are they up to and how #PAM is involved? I don't know about you, but I was always curious how things are working under the hood.
Just found a nice introduction post on this matter. Check it out, it's great. Code examples are included.
Btw, I think #PAM is an underrated piece of tech. It's pluggable, so you can implement whatever authentication strategy you want. Fingerprint check? Face recognition? You tell me.
But not only this. It can be used beyond login managers. There was one time when I played with alternative authentication for the #sudo program. In my case, I wanted to tap on my #YubiKey instead of using a password. It proved inconvenient, so I rolled things back, but it's fascinating how easy it was to configure this.
Got two #YubiKey sticks from our head of IAM today. Secured my iPhone with #FIDO2 right away. Only Windows 11 is still acting up. #hello claims the key doesn't belong to the family, even though the PIN is correct. Hmmm?
Thanks @chiefgyk3d for the YubiKey and fidget toy! He's got some donated from #Yubico to give away on Twitch streams, so check out his stream to get in on the Marbles games and win a #yubikey. #security
Furthermore: why FIDO2 does have some advantages compared to passkeys when #security is more important than convenience. Passkeys leak your private key to the #cloud provider.
@PlaneSailingGames @FOSSingularity I use a #Yubikey to authenticate to #Github, and I haven't heard anything about them taking that away. Actually if anything, my experience has made it seem like they're trying to push for greater adoption of Yubikeys and compatible devices.
Just fixed my @Efani dashboard issues, support was great. So now that I have access to my dashboard some notes for #Efani
TOTP Code generation shouldn't just be QR, you should also allow the string of text to be manually input. I had to use zbarimg to convert the QR code to text to input into my @yubico security key and vault for TOTP generation.
You should also add FIDO/WebAuthn support. TOTP has a single seed, so if stolen they have access. #infosec #Cybersecurity #SIMSwap #cellphone
@Efani Now for my least favorite part of making new accounts. Grabbing ALL of my @yubico #yubikeys to add my TOTP or FIDO/WebAuthn for my 2FA for security. Well, at least I have plenty of backups. Ones with stickers are for work, and the ones on my keychain aren't pictured as they are plugged in. #yubikey #cybersecurity #infosec #yubicoambassador #privacy #SIMswap #cellphone
When I plug in my #YubiKey, a prompt appears asking whether I want to allow the device, but it disappears again immediately; I have no time to allow the device.
These #yubikey nanos are really small. I was so afraid I would lose them that I had to buy a lanyard for them, even though I plan to keep one in my work computer. Thanks for the hookup @yubico #cybersecurity #InfoSec #FIDO #totp #mfa
One of my favorite things about working with #Yubico as an affiliate and brand ambassador. Whenever I need keys for projects they oblige! #infosec #cybersecurity #yubikey
For added security, turn on Screen Lock by storing your password in the Tutanota app. Then go to Settings > Login and choose your Unlock method. When Screen Lock is enabled, you’ll be required to open Tutanota similar to how you would unlock your phone – by entering your PIN, password, Touch ID, or Face ID.
This is a multiple choice poll, pick the option(s) that apply to you!
Boost for reach? Thanks! 😊
(I have a key I carry with me, as well as a backup in a secure place at home, and a key at a trusted friend's place as an offsite backup. Yes, adding new keys can be frustrating with managing the offsite ones back and forth...)
Just logged into CVS and they prompted me to enroll a passkey. Super easy. 3 steps and I'm done. (For this browser, on this laptop — sync is the next hurdle.) #passwordless #authentication #passkey
@bouncing @mjgardner @stshank
I keep seeing this “threat” of vendor lock-in and it’s usually a combination of “big companies can’t be trusted” and “they’re stealing your data”. Lots of FUD really.
#Passkeys are free to generate and there’s nothing stopping you from generating more keys, one for each keychain you have. Most programs don’t export them but that feature is coming. Apple at least lets you send a copy to another device.
So “you aren’t fully in control of them” is wrong because literally nobody else in the world has a copy of your key. You have the only copy and you can delete it or cancel it.
If you don’t like big companies and don’t trust them to encrypt your data on the device, use 1Password or another independent company’s app. If you are super paranoid about security you can go buy a #Yubikey.
So “designed to tether users to one provider” is also wrong because you can generate more on any device you want to use.
@bouncing @mjgardner @stshank
What you said is exactly right. And it’s the same deal if you use Apple’s iCloud Keychain to store your 50 passwords. It’s the same with any app that works on iPhone and not Android.
Some people don’t really mind this type of “lock in” because they already have the phone and they don’t want to download another app. But you can also choose a third party solution like #1Password for your #passkeys instead.
I guess my point is that this is not something specific to passkeys. Apple makes a keychain that only works on iPhone. Google makes a keychain that only works on Android. 1Password works on both. #yubikey also works on both. Passkeys is a feature they are all selling. Export doesn’t work today but creating multiple keys is free. It’s not some conspiracy plot to make you buy more phones. If it were they would not have signed on to the same standard. (In fact Microsoft already had a “passwordless” login feature that went nowhere.)