stv0g, 2 days ago to random German

I updated my crowd-sourced list of #openpgp, #fido, #u2f and #piv, #pki security tokens:

https://l.0l.de/tokens

Feel free to have a look if you are in the market for a new security token :-) Contributions and feedback are highly welcome :)

arstechnica, 1 month ago to random

LastPass users targeted in phishing attacks good enough to trick even the savvy

Campaign used email, SMS, and voice calls to trick targets into divulging master passwords.

https://arstechnica.com/security/2024/04/lastpass-users-targeted-in-phishing-attacks-good-enough-to-trick-even-the-savvy/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Ms0148, 1 month ago to photography

Lola 2yr old Shorkie
#fido #photography
#mastodon

scy, 1 month ago to random

Today I finally sat down to learn how #FIDO #U2F keys support an "unlimited" number of websites on a single token, without compromising privacy, and without running out of memory on the token.

Reusing the same public/private keypair would allow websites to track tokens. So, the token generates a new keypair on each registration. But where is it stored?

With the website! The token encrypts the private key with a token-specific secret and receives it back from the website on each login request.

Edent, 2 months ago to random

🆕 blog! “Giving the finger to MFA - a review of the Z1 Encrypter Ring from Cybernetic”
★★★★☆

I have mixed feelings about Multi-Factor Authentication. I get why it is necessary to rely on something which isn't a password but - let's be honest here - it is a pain juggling between SMS, TOTP apps, proprietary apps, and mag…

👀 Read more: https://shkspr.mobi/blog/2024/02/giving-the-finger-to-mfa-a-review-of-the-z1-encrypter-ring-from-cybernetic/
⸻
#2fa #fido #gadget #MFA #nfc #review #rfid

gnulinux, 4 months ago to passkeys German

Passkeys

Passwörter gelten als unsicher, weshalb Firmen wie Google, Microsoft und Apple das Konzept der Passkeys in den Markt drücken möchten. Ist das der richtige Weg, oder ist es nur Marketing?

#FIDO #FIDO2 #Passwörter #Passkey #Passkeys #Login #Linux

https://gnulinux.ch/passkeys

nono2357, 4 months ago to security

#Security #tips on using #YubiKey and #FIDO #U2F
https://www.cossacklabs.com/blog/security-tips-on-using-fido-u2f-and-yubikey/

publicvoit, 5 months ago to passkeys German

#FIDO-Tokens: Login ohne Smartphone
https://help.orf.at/stories/3222650/

Hier wird auch auf #Passkeys referenziert. Ich persönlich bevorzuge #FIDO2 gegenüber Passkeys, wenn ich sowieso schon einen FIDO2-Token besitze und ich nicht will, dass mein Passkeys-Geheimnis ausgelesen werden kann, was bei FIDO2 nicht der Fall ist.

Wenn man keinen FIDO2-Token hat, hat Passkeys durchaus Vorteile, da es (wie FIDO2) auch gegen Phishing schützt

#IDAustria

Foxboron, 5 months ago to security

Largely how I feel about the entire push towards FIDO and hardware tokens.

#FIDO #Yubikey #Security

ottawasteph, 5 months ago to random

Jealous?
Thank you, #Fido

zeitgenosse, 5 months ago to random German

Wer noch die #Handysignatur hat, sollte sie jetzt noch verlängern (nur bis 2023-12-04 möglich):
https://www.handy-signatur.at/Aktivierung/Selbst/Handy/Verlaengerung.aspx

Damit sollte laut A-Trust die Basisfunktion der #IDAustria fünf Jahre nutzbar sein, und es ist weiterhin kein Smartphone und keine App notwendig. SMS-TAN und #FIDO-Schlüssel können verwenden werden.

Ich werde in den nächsten Wochen von meinem Umstieg berichten und tausche mich gerne mit allen aus, die keine Blackbox-App des Innenministeriums auf ihrem Gerät haben wollen.

mattcen, 6 months ago (edited 6 months ago) to random

Oh look, another thing to take up a resident slot on my #Yubikey.
(#FIDO is a good choice, and when I read this headline I thought it was implying we'd need to give biometric ID directly to #MyGov, so I was pleasantly relieved, but... shakes fist at each #Passkey requiring a Resident key)
https://www.theguardian.com/australia-news/2023/nov/09/mygov-to-use-face-or-fingerprint-recognition-instead-of-passwords-in-bid-to-fight-scams

ezlin, 6 months ago (edited 6 months ago) to Discord

#Discord actually did a fantastic thing for account #security and I am stoked!

CHECK IT OUT!

Hardware security key #2FA bayyybeee!

and it doesn't require ANY other 2FA method to be used!

Oh I am an excited little nerd.

edit: Bonus, this does NOT require a paid account!

#yubikey #securitykey #U2F #cybersecurity #identiv #passkey #passkeys #fido #fido2 #bitwarden

stv0g, 6 months ago (edited 6 months ago) to random German

I started to work on an exhaustive comparison of USB crypto tokens here: https://l.0l.de/tokens

Contributions are very welcome :)

#yubikey #nitrokey #fido #piv

iamkale, 7 months ago to random

Anyone here going to Authenticate 2023 this week? I'm giving two talks tomorrow - "Demystifying WebAuthn and Passkeys," and "Tips for Painless Passkeys." Feel free to say hi if you see me there!

https://authenticatecon.com/event/authenticate-2023/

#Authenticate2023 #passkeys #fido #webauthn #authentication

cryptodd, 7 months ago to random

Kudos to login.gov for a great user experience and including support for hardware (#FIDO U2F) security keys. I had to renew my CBP Global Entry and was delighted with the #authentication experience. I want to give recognition when something goes right.

arynn, 7 months ago to random

I’m really pleased to share that today, AWS announced we’ll begin requiring the use of MFA in 2024, beginning with the most privileged accounts in our customer environments - the management account root users of AWS Organizations - and expanding throughout 2024.

MFA and strong authentication are so critical, so foundational to security health. It’s increasingly obvious that as digital identity evolves, everyone, everywhere should be using some form of MFA - and if that’s phishing-resistant authentication like #FIDO all the better. As an identity practitioner and as a consumer impacted by the security choices of the companies I do business with, I hope we will continue to see a growing number of companies emphasizing - and yes, requiring - MFA, because it makes a better internet for all of us.

On a personal note: I’ve been at Amazon for ~11 years now, which means I have a pretty big sample size to compare to when I say this is the happiest, most gratifying working day of my life.

https://aws.amazon.com/blogs/security/security-by-design-aws-to-enhance-mfa-requirements-in-2024/

rheijdendael, 7 months ago to security

Now that was easy! to clear all FIDO accounts from my boss.

It did not even ask for the PIN.

Of course nobody would ever keep the thing plugged in when going to the toilet.

#security #cybersecurity #FIDO2 #FIDO

ianw, 7 months ago to random

I had a look at how #FIDO and #WebAuthn mitigate #phishing attacks.

Link to the blog is below. Yep, that's right, click on the link to learn about phishing.​ 🤔​

https://www.secmatics.com/blog/phishing-with-fido

itnewsbot, 9 months ago to quantumcomputing

Google announces new algorithm that makes FIDO encryption safe from quantum computers - Enlarge (credit: Getty Images)

The FIDO2 industry standard ado... - https://arstechnica.com/?p=1961906 #quantumcomputing #security #passkeys #biz⁢ #fido

publicvoit, 10 months ago to security

How Hype Will Turn Your #Security Key Into Junk
https://fy.blackhats.net.au/blog/2023-02-02-how-hype-will-turn-your-security-key-into-junk/

#passkeys #FIDO #FIDO2 #Authentication #2FA #Apple #yubikey #nitrokey #solokeys

dborch, 10 months ago to random German

Auch schön im Pressetext anno 1994: "Jeder Geonet-Teilnehmer erhält ohne Zusatzkosten nicht nur eine X.400-Adresse, um mit den vielen Millionen kommerziellen X.400 Teilnehmern kommunizieren zu können, sondern auch ohne zusätzliches Entgelt einen INTERNET-Namen für den Kontakt mit Universitäten."

chiefgyk3d, 10 months ago to Cybersecurity

These #yubikey nano’s are really small I was so afraid I would lose them I had to buy a lanyard for them even though I plan to keep one in my work computer. Thanks for the hookup @yubico #cybersecurity #InfoSec #FIDO #totp #mfa