Jcrabapple @jcrabapple

0 posts0 participants0 posts today

**CEOTECH.IT** @ceotech@mastodon.social · Apr 1

Google Password Manager: gestire le passkey sarà più facile
#Android #APKTeardown #App #Autenticazione #GestioneAccessi #GestorePassword #Google #GooglePasswordManager #Notizie #Novità #PassKey #PasswordManager #Sicurezza #TechNews #Tecnologia

https://www.ceotech.it/google-password-manager-gestire-le-passkey-sara-piu-facile/

**Matt Cengia** @mattcen@aus.social · Mar 31

Mar 31

Matt Cengia @mattcen@aus.social

I'd love if there was a website like https://www.passkeys.io/who-supports-passkeys which showed which websites also support *non-resident* #FIDO2 authentication as opposed to resident #Passkey. Let's reward sites that have that support!

www.passkeys.ioWebsites and Apps with Passkey SupportSee which websites and applications already support Passkeys as an authentication method or are currently working on integrations.

**Karl Voit** @publicvoit@graz.social · Mar 26 *

Mar 26 *

Karl Voit @publicvoit@graz.social

#TroyHunt fell for a #phishing attack on his mailinglist members: https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/

Some of the ingredients: #Outlook and its habit of hiding important information from the user and missing #2FA which is phishing-resistant.

Use #FIDO2 with hardware tokens if possible (#Passkeys without FIDO2 HW tokens are NOT phishing-resistant due to the possibility of being able to trick users with credential transfers: https://arxiv.org/abs/2501.07380) and avoid Outlook (or #Microsoft) whenever possible.

Further learning: it could happen to the best of us! Don't be ashamed, try to minimize risks and be open about your mistakes.

Note: any 2FA is better than no 2FA at all.

Troy Hunt · Mar 25A Sneaky Phish Just Grabbed my Mailchimp Mailing ListYou know when you're really jet lagged and really tired and the cogs in your head are just moving that little bit too slow? That's me right now, and the penny has just dropped that a Mailchimp phish has grabbed my credentials, logged into my account and exported the mailing

#email #malware #security

Replied in thread

**Samuel Lison** @samuel@social.familylison.com · Mar 22

Mar 22

Samuel Lison @samuel@social.familylison.com

@techlore proton pass is good in that your data on proton pass is fully #encrypted. So if you use a hardware based #passkey such as a #yubikey to secure the main account, and have all your other accounts within use software based passkeys and 2FA, wouldn't be as much of a risk even if Proton Pass got breached as a service.

**𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕** @kubikpixel@chaos.social · Mar 20

Mar 20

𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕 @kubikpixel@chaos.social

«PassKey Account Takeover in All Mobile Browsers: Phishing PassKeys credentials using browser intents»

I hope this is not confirmed and if so knows @passkeysdev or someone of you?

https://mastersplinter.work/research/passkey/

Tobia Righi · Feb 24CVE-2024-9956 - PassKey Account Takeover in All Mobile BrowsersPhishing PassKeys credentials using browser intents

#passkey #phishing #itsec

**CEOTECH.IT** @ceotech@mastodon.social · Mar 12

**Frankie** @Some_Emo_Chick@mastodon.social · Mar 11

Mar 11

Frankie @Some_Emo_Chick@mastodon.social

Some say passkeys are clunky — this startup wants to change that

https://techcrunch.com/2025/03/11/some-say-passkeys-are-clunky-this-startup-wants-to-change-that/

TechCrunch · Mar 11Some say passkeys are clunky — this startup wants to change that | TechCrunchHawcx, backed by Engineering Capital, aims to solve passkeys' adoption challenge with its new tech.

#news #tech #technology

**Frank Hamm 🇺** @derentspannende@troet.cafe · Mar 8 *

Mar 8 *

Frank Hamm 🇺 @derentspannende@troet.cafe

Eine der Nebenwirkungen meiner Chemotherapie: Meine Fingerabdrücke werden nicht mehr erkannt. Hintergrund: Die Haut an Händen und Füßen trocknet stark aus (trotz ständigem Eincremen), und die Haut löst sich teilweise ab.

#Tumor #Survivor #passkey

Replied in thread

Mar 1

Mar 1

ઉશ્કેરાયેલી-અદાલત-૬૫૧ @Excusable@mastodon.social

@itsfoss Good so far.

On a side note it should have added passkey support at level,shouldn't it?
#ubuntu #opensource #foss #passkey

**G◍M◍◍T** @gomoot@mastodon.uno · Feb 24

Feb 24

G◍M◍◍T @gomoot@mastodon.uno

Gmail: Google sostituisce i codici SMS con i QR code per l’autenticazione

https://gomoot.com/gmail-google-sostituisce-i-codici-sms-con-i-qr-code-per-lautenticazione/

Gomoot : tecnologia e lifestyle Scopri le ultime novità in fatto di hardware,tecnologia e altro · Feb 24Gmail: autenticazione con codici QR al posto dei codici SMSGoogle abbandona l’autenticazione via SMS per Gmail: il sistema basato su QR code riduce lo phishing e SIM swapping e migliora la sicurezza degli accessi.

#2fa #autenticazione #blog

Replied to Chase Seibert

**Georg** @sercxanto@sueden.social · Feb 17

Feb 17

Georg @sercxanto@sueden.social

@chase_seibert True. I use #Passkey only with software like #bitwarden which allows to create encrypted #backups (including passkeys!) which can be downloaded and saved at a place under your own control.

**Chase Seibert** @chase_seibert@hachyderm.io · Feb 17

Feb 17

Chase Seibert @chase_seibert@hachyderm.io

Tried to create a #Passkey for the first time. Created it in an iOS app. Immediately went to the website, didn’t work. Guess I will wait another couple years to try them again.

I’m also unnerved by the idea that if my passkey provider (Apple) decides to deactivate my iCloud account for any reason, I will loose my passkeys. This is a failure mode that no one talks about.

Replied in thread

**Claus Holm Christensen** @claushc@mastodon.social · Feb 13

Feb 13

Claus Holm Christensen @claushc@mastodon.social

@sarahjamielewis I would like to hear answers to that question as well. I have not tried it myself, but I'm considering #Keycloak for something like that.

I would also suggest the hashtags #passkey #webauthn and #fido to gather the attention of the right people?

If you're ready to learn the technical details, then there is a Tour of WebAuthN here: https://www.imperialviolet.org/tourofwebauthn/tourofwebauthn.html

www.imperialviolet.orgA Tour of WebAuthn

**heise Security** @heisec@social.heise.de · Feb 5

Feb 5

heise Security @heisec@social.heise.de

Mehr Sicherheit: Bundesagentur für Arbeit setzt auf Passkeys

Die Bundesagentur für Arbeit bietet ab sofort die Unterstützung von Passkeys zur sicheren Anmeldung in Nutzerkonten an.

https://www.heise.de/news/Mehr-Sicherheit-Bundesagentur-fuer-Arbeit-setzt-auf-Passkeys-10271246.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

heise online · Feb 5Passkeys: Bundesagentur für Arbeit erhöht ZugangssicherheitBy Dirk Knop

#Arbeitswelt #Passkey #Security

Continued thread

**Harry W.** @hazz223@mstdn.social · Feb 2

Feb 2

Harry W. @hazz223@mstdn.social

A lot of websites have started to use #Passkey, which is kinda nice.
However, #Sony allows you to use either password + authenticator app, OR a passkey. Huh?! What? How the hell am I supposed to log into my playstation that way??!

#gaming #playstation #security

**heise Security** @heisec@social.heise.de · Feb 1

Feb 1

heise Security @heisec@social.heise.de

Ändere dein Passwort-Tag: Jährlich grüßt das Murmeltier

Es ist wieder soweit, es ist der "Ändere dein Passwort-Tag". Zeit, sich an gute Gepflogenheiten zu erinnern.

https://www.heise.de/news/Aendere-dein-Passwort-Tag-Jaehrlich-gruesst-das-Murmeltier-10259146.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

heise online · Feb 1Ändere dein Passwort-Tag: Kontraproduktiver TippBy Dirk Knop

#Passkey #Passwörter #Security

**blausand** @blausand@chaos.social · Jan 31

Jan 31

blausand @blausand@chaos.social

Alles, was man wissen muss in vier Zeilen?
JemandSchnapptExistierendeTechnologieUndBrandetSie S8E23?
Was haben Mama und Papa dir über die Leute aus dem Marketing gesagt???
#passkey #FIDO2 #marketing

Screenshot aus wikipedia:
"mit den aktuell verfügbaren Produkten und den dazu erteilten Zertifizierungen einsehbar.

Passkey

Passkey ist ein Begriff aus dem Marketing"

Replied in thread

**Jaeseok** @merrily@vivaldi.net · Jan 31

Jan 31

Jaeseok @merrily@vivaldi.net

@Vivaldi Does #Vivaldi have any plans to support #passkey synchronization?

Continued thread

**Guillaume Rossolini** @GuillaumeRossolini@infosec.exchange · Jan 24 *

Jan 24 *

Guillaume Rossolini @GuillaumeRossolini@infosec.exchange

Today’s adventures in recovering that account with #PlayStation after their passkey fail from last weekend

Support person sent me a recovery link that reset my password differently from the online process I can do by myself, got my account back

A minute or two later, the person from support changed my login email from under me, probably confusing me with another chat session and temporarily gifting my account to a stranger

At my request, they changed it back

But as it turns out, I’m locked out again and I have to wait until Monday for another attendant in my region to come online

Advice for companies on their login process

Test it thoroughly. Hire beta groups.

#security #passkey #fail