#passkey — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #passkey, aggregated by home.social.
-
Diese #Passkey sind so nervig. Gebe den Username ein, klicke weiter, gebe das PW ein, weiter -> "Du musst Dich mit dem Passkey anmelden" -> Weiter -> "Android oder Key" -> Android -> Handy rausholen -> MS Auth starten -> Fingerprint -> Knopf für QR Code drücken -> Scannen -> Account auswählen -> Fingerprint -> ENDLICH eingeloggt.
Wozu braucht es überhaupt noch User/PW? Mit Passkey sollte das doch überflüssig sein. Und wer zu Geier baut solche Prozesse? Das geht doch sicher auch einfacher! -
Diese #Passkey sind so nervig. Gebe den Username ein, klicke weiter, gebe das PW ein, weiter -> "Du musst Dich mit dem Passkey anmelden" -> Weiter -> "Android oder Key" -> Android -> Handy rausholen -> MS Auth starten -> Fingerprint -> Knopf für QR Code drücken -> Scannen -> Account auswählen -> Fingerprint -> ENDLICH eingeloggt.
Wozu braucht es überhaupt noch User/PW? Mit Passkey sollte das doch überflüssig sein. Und wer zu Geier baut solche Prozesse? Das geht doch sicher auch einfacher! -
-
-
#passkey
No, thanks, I'm using @bitwarden
and I HAVE A PASSKEY FOR EBAY IN THERE -
#passkey
No, thanks, I'm using @bitwarden
and I HAVE A PASSKEY FOR EBAY IN THERE -
-
-
After logging in to eBay with password - why create a new #passkey ???
-
After logging in to eBay with password - why create a new #passkey ???
-
@1password @MrRooni are you planning to support receiving Apple Passwords exports of Passkey into 1Password?
https://sixcolors.com/post/2025/09/export-keys-securely-from-passwords-to-third-party-managers/
-
@1password @MrRooni are you planning to support receiving Apple Passwords exports of Passkey into 1Password?
https://sixcolors.com/post/2025/09/export-keys-securely-from-passwords-to-third-party-managers/
-
Рунет без Google Login: что теперь делать с авторизацией
В России снова обсуждают вход на сайты через Google, Apple ID, GitHub и другие иностранные аккаунты. Повод — подписанный закон № 199-ФЗ от 26.06.2026 , который добавил в КоАП штрафы за нарушение правил авторизации пользователей. Но сам запрет появился не сейчас. Базовая норма пришла ещё с 406-ФЗ от 31.07.2023 и с 1 декабря 2023 года живёт в ч. 10 ст. 8 закона № 149-ФЗ «Об информации» . Новость 2026 года в том, что теперь за нарушение есть отдельная статья КоАП — 13.55 : для граждан 10–20 тысяч рублей, для должностных лиц 30–50 тысяч, для юрлиц 500–700 тысяч. Обычного пользователя за аккаунт Gmail или Apple ID штрафовать не собираются (возможно, тут надо бы добавить слово «пока»), штрафы адресованы владельцу сайта, приложения или информационной системы, если он даёт пользователю из России войти способом, который закон теперь не считает допустимым. Снаружи всё выглядит как борьба с иностранными кнопками входа. На деле это спор о том, кто держит ключ от аккаунта пользователя.
https://habr.com/ru/articles/1053664/
#авторизация #аутентификация #OAuth_20 #OpenID_Connect #SSO #passkey #149ФЗ #КоАП_1355 #российский_IdP #SIM_swap
-
iX-Workshop: Passwortlose Authentifizierung mit Passkeys, FIDO, SSO und mehr
Wie man FIDO2 und SSO in Webdienste integriert: Konzepte, Protokolle und Best Practices für eine sichere Authentifizierung mit und ohne Passwort.
#IdentityManagement #IT #iXWorkshops #Passkey #ZweifaktorAuthentisierung #news
-
iX-Workshop: Passwortlose Authentifizierung mit Passkeys, FIDO, SSO und mehr
Wie man FIDO2 und SSO in Webdienste integriert: Konzepte, Protokolle und Best Practices für eine sichere Authentifizierung mit und ohne Passwort.
#IdentityManagement #IT #iXWorkshops #Passkey #ZweifaktorAuthentisierung #news
-
New website names and shames companies that still don’t offer #passkeys to users
-
New website names and shames companies that still don’t offer #passkeys to users
-
#googleioconnect in the #Chrome authenticatiion session. Speaker is praising federated identity. And #passkey as an upgrade.
-
Do any other #LineageOS users find you can use your fingerprint to open your phone (in my case, Pixel 3a XL), and in some apps, but in other cases when you try to add a #passkey, the fingerprint option isn't there, and the only choices are NFC security key, USB security key, and "Use another device"?
-
I've come across a bit of #passkey fud over the years and some misconceptions. I've written a general overview of the topic and added a FAQ section at the bottom.
I tried to keep the main part light on technical details with a few more technical explanations in the appendix below.https://jrtberlin.de/p/passkeys-a-comprehensive-overview/
Feel free to reach out if you think I missed something or the FAQ lacks a certain question!
Big thanks to @ljrk for the technical QA and to @brahms for the QA of the German variant.
-
I've come across a bit of #passkey fud over the years and some misconceptions. I've written a general overview of the topic and added a FAQ section at the bottom.
I tried to keep the main part light on technical details with a few more technical explanations in the appendix below.https://jrtberlin.de/p/passkeys-a-comprehensive-overview/
Feel free to reach out if you think I missed something or the FAQ lacks a certain question!
Big thanks to @ljrk for the technical QA and to @brahms for the QA of the German variant.
-
Found this. Anyone know if this is secure, and if it works? KeePassPasskey plugin https://github.com/yusei36/KeePassPasskey/releases #Passkey #Passkeys #KeePass
-
Found this. Anyone know if this is secure, and if it works? KeePassPasskey plugin https://github.com/yusei36/KeePassPasskey/releases #Passkey #Passkeys #KeePass
-
緊急アクセス用管理アカウント (Break glass) 入門: 基本構成からセオリー外の追加構成まで解説
https://qiita.com/carol0226/items/bbd69bdc907a48f0e67f?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items -
This portable Passkeys trick of mine works better than I thought! I love Passkeys now that I keep them in a portable database. How to make portable Passkeys, Sightless Scribbles https://sightlessscribbles.com/posts/how-to-make-portable-passkeys/ #Security #Passkey #Passkeys #Tech #Technology #InfoSec
-
This portable Passkeys trick of mine works better than I thought! I love Passkeys now that I keep them in a portable database. How to make portable Passkeys, Sightless Scribbles https://sightlessscribbles.com/posts/how-to-make-portable-passkeys/ #Security #Passkey #Passkeys #Tech #Technology #InfoSec
-
@miclgael @trode The big problem right now is that every #passkey implementation is different.
A thing that sidetracks people is worrying about ‘moving a passkey from one system to another’, instead set up a passkey in each trusted system.
Unless of course the server didn’t implement passkeys right and it doesn’t support multiple passkeys, if that happens I won’t use them.
It’s actually great, it’s just too much damn research. (On the server side too.)
I’m hopeful it’ll get there eventually.
-
@M_E_ST @kuketzblog
Ich habe ein Konto bei #Lieferando, aber OHNE #Passwort. Es gibt keins. Wie logge ich mich ein? Mit #Passkey? Nein, viel absurder.
Nachfolgend eine Beschreibung des Prozesses mit Screenshots. Meine persönlichen Daten habe ich natürlich raus editiert. -
@M_E_ST @kuketzblog
Ich habe ein Konto bei #Lieferando, aber OHNE #Passwort. Es gibt keins. Wie logge ich mich ein? Mit #Passkey? Nein, viel absurder.
Nachfolgend eine Beschreibung des Prozesses mit Screenshots. Meine persönlichen Daten habe ich natürlich raus editiert. -
🔥 TRENDING
📢 Salesforce: Zwei-Faktor-Authentifizierung per Passkey ab Juli - Börse Express
#Salesforce #Zwei-faktor-authentifizierung #Passkey #Juli #GlobalFeed #News #DE
*Automatisch gepostet v...
-
Android: Google vereinfacht sicheren Transfer von Passkeys und Passwörtern | heise online
https://heise.de/-11315823 #Android #Passkey #Passwort -
Android: Google vereinfacht sicheren Transfer von Passkeys und Passwörtern | heise online
https://heise.de/-11315823 #Android #Passkey #Passwort -
One for the #passkey hall of shame.
I don't have 1Password completely set up on this computer (though I have the browser plugin from an earlier job) and so after logging in to PayPal I am just ... stuck? I can't proceed with creating a passkey, nor skip it.
-
One for the #passkey hall of shame.
I don't have 1Password completely set up on this computer (though I have the browser plugin from an earlier job) and so after logging in to PayPal I am just ... stuck? I can't proceed with creating a passkey, nor skip it.
-
Wrote up the test procedure for this. And another experience that's bugging me.
#passkey 's are a good concept, but #Microsoft is not impressing me right now.
https://webapps.stackexchange.com/questions/182396/if-you-use-a-passkey-to-sign-in-does-microsoft-still-ask-for-a-verification-code/ -
Wrote up the test procedure for this. And another experience that's bugging me.
#passkey 's are a good concept, but #Microsoft is not impressing me right now.
https://webapps.stackexchange.com/questions/182396/if-you-use-a-passkey-to-sign-in-does-microsoft-still-ask-for-a-verification-code/ -
Microsoft va arrêter les codes par SMS pour les connexions aux comptes personnels ! https://www.it-connect.fr/microsoft-va-arreter-les-codes-par-sms-pour-les-connexions-aux-comptes-personnels/ #ActuCybersécurité #Cybersécurité #Microsoft #Passkey
-
Microsoft va arrêter les codes par SMS pour les connexions aux comptes personnels ! https://www.it-connect.fr/microsoft-va-arreter-les-codes-par-sms-pour-les-connexions-aux-comptes-personnels/ #ActuCybersécurité #Cybersécurité #Microsoft #Passkey
-
Microsoft 淘汰短訊驗證碼 全面推動 Passkey 無密碼登入
Microsoft 宣佈將分階段停止向個人帳戶發送短訊驗證碼,改用 Passkey 通行密鑰、已驗證備用電郵及 […]
#科技新聞 #Windows 11 #資訊保安 #microsoft
https://unwire.hk/2026/05/20/microsoft-passkey-sms-verification-end/fun-tech/?utm_source=rss&utm_medium=rss&utm_campaign=microsoft-passkey-sms-verification-end -
@ScottHelme "This is mostly a list of things passkeys were never claimed to solve":
1. You skipped the "private key never leaves the device" lie. Note that this vuln: https://seclists.org/fulldisclosure/2024/Feb/15 is unfixed (see https://todon.nl/@ErikvanStraten/116552104781266939).
The alternative, having access to YOUR OWN private keys does not make #BigTech lock-in vendors (i.e. Google, Apple) happy: https://github.com/keepassxreboot/keepassxc/issues/10407.
Btw, also unfixed: iOS/iPadOS passkeys may be used without local auth under certain conditions: https://todon.nl/@ErikvanStraten/115658045799601168 (@timcappalli ).
2. Nobody cares what is considered out of scope for ANY auth. solution, in particular if it they're not told about it. People want to know their risks w.r.t. account takeover and account lockout. We need a safer internet.
3. "Passkeys are not magic": I don't see "what risks remain" in https://scotthelme.co.uk/passkeys-101-an-introduction-to-passkeys-and-how-they-work/ - which is why I objected.
4. Passkeys "are a major improvement over passwords": that depends. If people use a password manager to create unique long random passwords (which they should), and use AutoFill, then the advantages and risks (attestation?) of using passkeys vs passwords are not clear and neither easily comparable.
#Passkeys #AndroidPasskeysGone #ApplePasskeyRisks #Passkey #PasswordManager #AutoFill #Autonomy #BigTechIsEvil #MYprivateKeys #DumbPasswordRules
-
@ScottHelme "This is mostly a list of things passkeys were never claimed to solve":
1. You skipped the "private key never leaves the device" lie. Note that this vuln: https://seclists.org/fulldisclosure/2024/Feb/15 is unfixed (see https://todon.nl/@ErikvanStraten/116552104781266939).
The alternative, having access to YOUR OWN private keys does not make #BigTech lock-in vendors (i.e. Google, Apple) happy: https://github.com/keepassxreboot/keepassxc/issues/10407.
Btw, also unfixed: iOS/iPadOS passkeys may be used without local auth under certain conditions: https://todon.nl/@ErikvanStraten/115658045799601168 (@timcappalli ).
2. Nobody cares what is considered out of scope for ANY auth. solution, in particular if it they're not told about it. People want to know their risks w.r.t. account takeover and account lockout. We need a safer internet.
3. "Passkeys are not magic": I don't see "what risks remain" in https://scotthelme.co.uk/passkeys-101-an-introduction-to-passkeys-and-how-they-work/ - which is why I objected.
4. Passkeys "are a major improvement over passwords": that depends. If people use a password manager to create unique long random passwords (which they should), and use AutoFill, then the advantages and risks (attestation?) of using passkeys vs passwords are not clear and neither easily comparable.
#Passkeys #AndroidPasskeysGone #ApplePasskeyRisks #Passkey #PasswordManager #AutoFill #Autonomy #BigTechIsEvil #MYprivateKeys #DumbPasswordRules
-
@ScottHelme : why do security people not mention any disadvantages of authentication mechanisms, and even lie about certain aspects?
"private key never leaves your device": if this were true, then a bricked, lost, stolen or simply replaced device by a new one, would mean that the user loses access to all of their passkeys on the former device.
"no password to steal": session cookies continue to be stealable.
"stops phishing attacks": not while *creating* a passkey, not when an attacker manages to obtain a valid certificate for a site with the particular domain name and is able to send visitors there, and in specific cases using subdomains and faulty server webauthn implementations.
"Your device now knows where your passkey can be used, and it will not let you use it anywhere else, which is a protection that can't be offered for passwords": it *can* (but is uncommon, it beats me why).
"The public key […] here isn't an additional piece of sensitive information in there to be compromised and all the attacker has managed to gain access to is the public key of the user": in case of a server breach, the attacker can add their own passkey public key or replace yours.
Please stop misleading people (like happened with TOTP).
#Passkeys #PasskeyRisks #VendorLockIn #TOTP #Passwords #Passkey
-
OK, normally I have my shit wired together, but this bastard is getting to me.
The requirement is for 'phishing-resistant' second factor. That rules out all of the six-digit code apps - it is too easy apparently to get someone to read out their codes to an attacker.
Again, IDK, but apparently 'phishing-resistant' is the next Big Thing. My personal feeling? We are chasing our shadows. Unless I am the last alive Iranian nuclear bloke, my login is as secure as I can be bothered to make it, and I am bound to be disappointed by a weakness at some point in the near or far future. Phishing isn't on the agenda.
Life.
I carry a seemingly-fine cryptographic store about with me most days and ludicrously call it my 'phone'. It can sign stuff, wrangle certificates, store passwords, read faces and fingerprints and QRcodes and NFC tags. Heaps of useful 'security' stuff. I wouldn't call the software environment _secure_ at all, but ... IDK, people seem happy enough with it. Anything for an easy life. Row with the flow.
So I search for:
"google passkey login with ssh"
My god, whatalottasloppa comes back. A gattling gun of half-arsery, cant and junk advice.
Then "MS hello for business login ssh". Christ almighty. Much worse. Worse again.
Then "Apple ID login to ssh". At least that seems to be a simple: "no". A relief really.Someone in the know please: can I set up my sshd to use my phone-based passkey as a; primary, secondary or even the complete, login?
#TOTP #HOTP #passkey #sshd #key #certificates #PSK #login #ssh #linux #pam #openssh
-
So, erste Erfahrungen mit #Passkey und Hardware-Token gesammelt.
Für meinen J+S Baspo NDS Login habe ich bislang CH-Login verwendet, aber dieses weist in letzter Zeit penetrant auf den AGOV-Login hin. Da ich mich erstens an keine App und schon gar nicht an ein Google/Apple-Gerät binden will, fiel meine Wahl auf ein Hardware-Token. Ich hatte schon etwas Erfahrung mit Yubikeys gemacht, bin unterdessen aber auf token2.swiss gestossen und wollte das mal ausprobieren. Dabei ist mir aufgefallen, das die explizit Token für #AGOV führen [1] und habe diese Chance wahrgenommen und mir so einen bestellt (PINPlus Dual Slim FIDO2.1 Key USB).
Schwierigkeit war vor allem, dass ich das mit Firefox unter Debian Linux verwenden will, es dafür jedoch keine Dokumentation gibt (die gibt es für Windows und OSX mit Chrome und Safari). Also habe ich mich da mal etwas länger informiert wie das alles zusammen wirkt.
Als erstes habe ich den sowieso mal notwendigen Upgrade von Debian Bookworm auf Trixie durchgeführt, damit ist die Software schon mal etwas aktueller. Unter Debian Trixie gibt es die libfido2 in Version 1.15.0, welche mit solchen USB-Sticks funktionieren sollte. Das Zusatzpaket fido2-tools liefert noch das Command fido2-token für die Verwaltung. Beides entstammt Yubico.
Für das Setzen eines PIN gibt es von eine von Token2 abgeänderte libfido2-Variante genannt fido2-manage [2]. Diese lässt sich unter Debian Trixie problemlos bauen, worauf sich dann mit fido2-manage.sh der PIN setzen lässt. Da dieses Paket das von Yubico [3] als Basis hat, hat man schliesslich zwei fast identische libfido2 in Version 1.15.0 vor sich. Das bringt unter anderen Schwierigkeiten mit sich, dass sich dieses nicht ohne grössere Anpassungen paketieren lässt, da sich so die beiden libfido2-1 ins Gehege kommen und man erste nicht deinstallieren will, weil u.a. OpenSSH davon abhängt.
Ich habe aber gesehen, dass die von Debian gelieferte libfido2 von Yubico auch mit dem Token2 Token funktioniert. Ausserdem funktioniert in Firefox die #FIDO2 Infrastruktur und Passkey gut mit dem Token zusammen (nachdem ich den PIN gesetzt habe). Der Wechsel von CH-Login nach AGOV hat damit dann problemlos geklappt.
Als nächstes versuche ich herauszufinden, inwiefern sich die libfido2 von Yubico und Token2 unterscheiden und ob diese nicht zusammengeführt werden könnten.
[1] https://agov.token2.ch/
[2] https://github.com/token2/fido2-manage
[3] https://github.com/Yubico/libfido2 -
Someone noticed! SMS “Hey baby boy, how many technical people did you piss off by translating their technical Passkey mambo jumbo nonsense into paragraphs about cats and cookies? I love it! Can you do this for all technical documentation?”https://sightlessscribbles.com/posts/how-to-make-portable-passkeys/ #Tech #Technology #PassKey #Passkey #Passkeys #BackUpPasskeys