#androidpasskeys — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #androidpasskeys, aggregated by home.social.
-
@WeirdWriter : thank you for demystifying the asymmetric cryptography aspect of passkeys.
See also https://todon.nl/@ErikvanStraten/116552022706029032
#Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports
-
@rmondello : what makes passkeys strong:
1. Software checks the domain name, which makes phishing hard;
2. HTTPS is enforced, which helps prevent AitM attacks (unless Cloudflare et al. come into play);
3. A unique, long, unguessable, randomly generated "password" (public key) per account: dumb password rules and broken human RNGs no longer apply.
The rest is marketing (including the -hyped- asymmetric cryptography).
The "advantage" of denying the owner access to their own private keys hardly makes sense as long as session cookies are not device-bound.
The disadvantage of not being able to back up one's own private keys is the risk of vendor lock-in and the underestimated huge risk of account lockout [1]. And the latter leads to the necessity of being able to log in using weak authentication after the user loses access to their private keys.
[1] https://seclists.org/fulldisclosure/2024/Feb/15
#Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports
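The domain check from item 1 of the post above, seen from the relying party's side, as an added example that is not part of the post: a WebAuthn server compares the origin the browser recorded in `clientDataJSON` and the `rpIdHash` in the authenticator data against its own values. The helper names, `example.com`, the look-alike host and the sample assertions are constructed, and signature verification is left out.

```javascript
const crypto = require('node:crypto');
const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Constructed stand-in for the result of navigator.credentials.get().
// A real authenticator also signs authenticatorData || SHA-256(clientDataJSON);
// that signature check is omitted here.
function makeAssertion(pageOrigin, rpId, challenge) {
  const clientDataJSON = Buffer.from(
    JSON.stringify({ type: 'webauthn.get', challenge, origin: pageOrigin }));
  // authenticatorData = rpIdHash (32 bytes) || flags (1) || signCount (4)
  const authenticatorData = Buffer.concat(
    [sha256(rpId), Buffer.from([0x05]), Buffer.alloc(4)]); // 0x05 = UP | UV
  return { clientDataJSON, authenticatorData };
}

// Relying-party checks that bind a login to this site. Returns the failed checks.
function verifyBinding(assertion, expected) {
  const errors = [];
  const cd = JSON.parse(assertion.clientDataJSON.toString('utf8'));
  if (cd.type !== 'webauthn.get') errors.push('type');
  if (cd.challenge !== expected.challenge) errors.push('challenge');
  // Exact match against an https:// origin; the browser fills this field in, not the page.
  if (cd.origin !== expected.origin) errors.push('origin');
  const ad = assertion.authenticatorData;
  if (ad.length < 37) return errors.concat('authenticatorData');
  if (!crypto.timingSafeEqual(ad.subarray(0, 32), sha256(expected.rpId))) errors.push('rpIdHash');
  if ((ad[32] & 0x01) === 0) errors.push('userPresent');
  return errors;
}

function demo() {
  const expected = { origin: 'https://example.com', rpId: 'example.com',
    challenge: crypto.randomBytes(32).toString('base64url') };
  const genuine = makeAssertion(expected.origin, expected.rpId, expected.challenge);
  const lookalike = makeAssertion('https://example.com.login.example',
    'example.com.login.example', expected.challenge);
  const stale = makeAssertion(expected.origin, expected.rpId, 'b2xkLWNoYWxsZW5nZQ');
  return { genuine: verifyBinding(genuine, expected),
    lookalike: verifyBinding(lookalike, expected),
    stale: verifyBinding(stale, expected) };
}

console.log(demo());
```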
-
#Passkeys are everywhere nowadays
#windowshello #fido2 #androidpasskeys #token2
I myself switch to passkeys for any supported service. Have a look here if your services are supported: https://www.passkeys.io/who-supports-passkeys
Understanding why they're more secure and why they are able to be used in so many different shapes is not as easy.
Computerphile just released a great video about the technology and the authentication flow:
https://www.youtube.com/watch?v=xYfiOnufBSk