#backuppasskeys — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #backuppasskeys, aggregated by home.social.
-
Someone noticed! SMS “Hey baby boy, how many technical people did you piss off by translating their technical Passkey mambo jumbo nonsense into paragraphs about cats and cookies? I love it! Can you do this for all technical documentation?”https://sightlessscribbles.com/posts/how-to-make-portable-passkeys/ #Tech #Technology #PassKey #Passkey #Passkeys #BackUpPasskeys
-
Someone noticed! SMS “Hey baby boy, how many technical people did you piss off by translating their technical Passkey mambo jumbo nonsense into paragraphs about cats and cookies? I love it! Can you do this for all technical documentation?”https://sightlessscribbles.com/posts/how-to-make-portable-passkeys/ #Tech #Technology #PassKey #Passkey #Passkeys #BackUpPasskeys
-
Someone noticed! SMS “Hey baby boy, how many technical people did you piss off by translating their technical Passkey mambo jumbo nonsense into paragraphs about cats and cookies? I love it! Can you do this for all technical documentation?”https://sightlessscribbles.com/posts/how-to-make-portable-passkeys/ #Tech #Technology #PassKey #Passkey #Passkeys #BackUpPasskeys
-
Someone noticed! SMS “Hey baby boy, how many technical people did you piss off by translating their technical Passkey mambo jumbo nonsense into paragraphs about cats and cookies? I love it! Can you do this for all technical documentation?”https://sightlessscribbles.com/posts/how-to-make-portable-passkeys/ #Tech #Technology #PassKey #Passkey #Passkeys #BackUpPasskeys
-
Someone noticed! SMS “Hey baby boy, how many technical people did you piss off by translating their technical Passkey mambo jumbo nonsense into paragraphs about cats and cookies? I love it! Can you do this for all technical documentation?”https://sightlessscribbles.com/posts/how-to-make-portable-passkeys/ #Tech #Technology #PassKey #Passkey #Passkeys #BackUpPasskeys
-
@WeirdWriter : thank you for demystifying the asymmetric cryptography aspect of passkeys.
See also https://todon.nl/@ErikvanStraten/116552022706029032
#Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports
-
@WeirdWriter : thank you for demystifying the asymmetric cryptography aspect of passkeys.
See also https://todon.nl/@ErikvanStraten/116552022706029032
#Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports
-
@WeirdWriter : thank you for demystifying the asymmetric cryptography aspect of passkeys.
See also https://todon.nl/@ErikvanStraten/116552022706029032
#Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports
-
@WeirdWriter : thank you for demystifying the asymmetric cryptography aspect of passkeys.
See also https://todon.nl/@ErikvanStraten/116552022706029032
#Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports
-
@rmondello : what makes passkeys strong:
1. Software checks the domain name, which makes phishing hard;
2. Https is enforced, which helps prevent AitM attacks (unless Cloudflare et al. come into play);
3. A unique, long, unguessible, randomly generated "password" (public key) per account: dumb password rules and broken human RNG's no longer apply.
The rest is marketing (including the -hyped- asymmetric cryptography).
The "advantage" of denying the owner access to their own private keys hardly makes sense as long as session cookies are not device-bound.
The disadvantage of not being able to back up ones own private keys is the risk of vendor lock-in and the underestimated huge risk of account lockout [1]. And the latter leads to the necessity of being able to log in using weak authentication after the user loses access to their private keys.
[1] https://seclists.org/fulldisclosure/2024/Feb/15
#Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports
-
@rmondello : what makes passkeys strong:
1. Software checks the domain name, which makes phishing hard;
2. Https is enforced, which helps prevent AitM attacks (unless Cloudflare et al. come into play);
3. A unique, long, unguessible, randomly generated "password" (public key) per account: dumb password rules and broken human RNG's no longer apply.
The rest is marketing (including the -hyped- asymmetric cryptography).
The "advantage" of denying the owner access to their own private keys hardly makes sense as long as session cookies are not device-bound.
The disadvantage of not being able to back up ones own private keys is the risk of vendor lock-in and the underestimated huge risk of account lockout [1]. And the latter leads to the necessity of being able to log in using weak authentication after the user loses access to their private keys.
[1] https://seclists.org/fulldisclosure/2024/Feb/15
#Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports
-
@rmondello : what makes passkeys strong:
1. Software checks the domain name, which makes phishing hard;
2. Https is enforced, which helps prevent AitM attacks (unless Cloudflare et al. come into play);
3. A unique, long, unguessible, randomly generated "password" (public key) per account: dumb password rules and broken human RNG's no longer apply.
The rest is marketing (including the -hyped- asymmetric cryptography).
The "advantage" of denying the owner access to their own private keys hardly makes sense as long as session cookies are not device-bound.
The disadvantage of not being able to back up ones own private keys is the risk of vendor lock-in and the underestimated huge risk of account lockout [1]. And the latter leads to the necessity of being able to log in using weak authentication after the user loses access to their private keys.
[1] https://seclists.org/fulldisclosure/2024/Feb/15
#Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports
-
@rmondello : what makes passkeys strong:
1. Software checks the domain name, which makes phishing hard;
2. Https is enforced, which helps prevent AitM attacks (unless Cloudflare et al. come into play);
3. A unique, long, unguessible, randomly generated "password" (public key) per account: dumb password rules and broken human RNG's no longer apply.
The rest is marketing (including the -hyped- asymmetric cryptography).
The "advantage" of denying the owner access to their own private keys hardly makes sense as long as session cookies are not device-bound.
The disadvantage of not being able to back up ones own private keys is the risk of vendor lock-in and the underestimated huge risk of account lockout [1]. And the latter leads to the necessity of being able to log in using weak authentication after the user loses access to their private keys.
[1] https://seclists.org/fulldisclosure/2024/Feb/15
#Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports