home.social

#backuppasskeys — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #backuppasskeys, aggregated by home.social.

  1. Someone noticed! SMS “Hey baby boy, how many technical people did you piss off by translating their technical Passkey mambo jumbo nonsense into paragraphs about cats and cookies? I love it! Can you do this for all technical documentation?”sightlessscribbles.com/posts/h #Tech #Technology #PassKey #Passkey #Passkeys #BackUpPasskeys

  2. Someone noticed! SMS “Hey baby boy, how many technical people did you piss off by translating their technical Passkey mambo jumbo nonsense into paragraphs about cats and cookies? I love it! Can you do this for all technical documentation?”sightlessscribbles.com/posts/h #Tech #Technology #PassKey #Passkey #Passkeys #BackUpPasskeys

  3. Someone noticed! SMS “Hey baby boy, how many technical people did you piss off by translating their technical Passkey mambo jumbo nonsense into paragraphs about cats and cookies? I love it! Can you do this for all technical documentation?”sightlessscribbles.com/posts/h #Tech #Technology #PassKey #Passkey #Passkeys #BackUpPasskeys

  4. Someone noticed! SMS “Hey baby boy, how many technical people did you piss off by translating their technical Passkey mambo jumbo nonsense into paragraphs about cats and cookies? I love it! Can you do this for all technical documentation?”sightlessscribbles.com/posts/h #Tech #Technology #PassKey #Passkey #Passkeys #BackUpPasskeys

  5. Someone noticed! SMS “Hey baby boy, how many technical people did you piss off by translating their technical Passkey mambo jumbo nonsense into paragraphs about cats and cookies? I love it! Can you do this for all technical documentation?”sightlessscribbles.com/posts/h #Tech #Technology #PassKey #Passkey #Passkeys #BackUpPasskeys

  6. @rmondello : what makes passkeys strong:

    1. Software checks the domain name, which makes phishing hard;

    2. Https is enforced, which helps prevent AitM attacks (unless Cloudflare et al. come into play);

    3. A unique, long, unguessible, randomly generated "password" (public key) per account: dumb password rules and broken human RNG's no longer apply.

    The rest is marketing (including the -hyped- asymmetric cryptography).

    The "advantage" of denying the owner access to their own private keys hardly makes sense as long as session cookies are not device-bound.

    The disadvantage of not being able to back up ones own private keys is the risk of vendor lock-in and the underestimated huge risk of account lockout [1]. And the latter leads to the necessity of being able to log in using weak authentication after the user loses access to their private keys.

    @brandonbutler

    [1] seclists.org/fulldisclosure/20

    #Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports

  7. @rmondello : what makes passkeys strong:

    1. Software checks the domain name, which makes phishing hard;

    2. Https is enforced, which helps prevent AitM attacks (unless Cloudflare et al. come into play);

    3. A unique, long, unguessible, randomly generated "password" (public key) per account: dumb password rules and broken human RNG's no longer apply.

    The rest is marketing (including the -hyped- asymmetric cryptography).

    The "advantage" of denying the owner access to their own private keys hardly makes sense as long as session cookies are not device-bound.

    The disadvantage of not being able to back up ones own private keys is the risk of vendor lock-in and the underestimated huge risk of account lockout [1]. And the latter leads to the necessity of being able to log in using weak authentication after the user loses access to their private keys.

    @brandonbutler

    [1] seclists.org/fulldisclosure/20

    #Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports

  8. @rmondello : what makes passkeys strong:

    1. Software checks the domain name, which makes phishing hard;

    2. Https is enforced, which helps prevent AitM attacks (unless Cloudflare et al. come into play);

    3. A unique, long, unguessible, randomly generated "password" (public key) per account: dumb password rules and broken human RNG's no longer apply.

    The rest is marketing (including the -hyped- asymmetric cryptography).

    The "advantage" of denying the owner access to their own private keys hardly makes sense as long as session cookies are not device-bound.

    The disadvantage of not being able to back up ones own private keys is the risk of vendor lock-in and the underestimated huge risk of account lockout [1]. And the latter leads to the necessity of being able to log in using weak authentication after the user loses access to their private keys.

    @brandonbutler

    [1] seclists.org/fulldisclosure/20

    #Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports

  9. @rmondello : what makes passkeys strong:

    1. Software checks the domain name, which makes phishing hard;

    2. Https is enforced, which helps prevent AitM attacks (unless Cloudflare et al. come into play);

    3. A unique, long, unguessible, randomly generated "password" (public key) per account: dumb password rules and broken human RNG's no longer apply.

    The rest is marketing (including the -hyped- asymmetric cryptography).

    The "advantage" of denying the owner access to their own private keys hardly makes sense as long as session cookies are not device-bound.

    The disadvantage of not being able to back up ones own private keys is the risk of vendor lock-in and the underestimated huge risk of account lockout [1]. And the latter leads to the necessity of being able to log in using weak authentication after the user loses access to their private keys.

    @brandonbutler

    [1] seclists.org/fulldisclosure/20

    #Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports