#passkeys — Public Fediverse posts on home.social

𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕 @[email protected] · 2026-05-13 · 06:35 UTC

«Phishing durch KI setzt Nutzer zunehmend unter Druck:
Moderne Phishing Angriffe werden durch künstliche Intelligenz immer schwerer erkennbar. Unternehmen und Plattformen reagieren mit neuen Sicherheitsfunktionen.»

Ach guck, die IT-Sicherheit und deren Gefahr durch kriminellen Einsatz der KI und deren Schutz davor, u.a .durch Passkeys, nun auch in den online Boulevard News.

📰 https://www.nau.ch/news/digital/phishing-durch-ki-setzt-nutzer-zunehmend-unter-druck-67127549

#aislop #itsicherheit #passkeys #itsec #online #boulevard #phishing #nauch #it

#aislop #itsicherheit #passkeys #itsec #online #boulevard

Rob Pegoraro @[email protected] · 2026-05-11 · 03:12 UTC

Weekly output: Google I/O teaser, satellite-to-phone services, passkeys, connected-home considerations, Matter

I’m spending a few days in cooler confines–Monday morning, I head to Vancouver for the second year of Web Summit’s conference there. And just like last year, I won’t have enough time to do much wandering around British Columbia’s largest city and taking in its stunningly beautiful mountains-and-sea scenery, because I have three panels to moderate over Tuesday and Wednesday (with the conference hosts paying for my hotel and reimbursing my airfare).

5/5/2026: Google Teases I/O Pregame Event. How to Watch ‘The Android Show’ on May 12, PCMag

This was one of the shortest posts I’ve written for PCMag, owing to the paucity of information in the brief teaser video Google published.

5/7/2026: FCC Chair: Starlink Isn’t Enough. We Need at Least 3 Satellite-to-Phone Services, PCMag

I spent Wednesday afternoon at the wireless trade group CTIA’s annual summit in Washington. Most of the talks on the program didn’t yield anything too newsworthy, but Federal Communications Commission chair Brendan Carr’s appearance met that bar even though he didn’t talk about his clumsy attempts to leverage the FCC’s broadcast licensing authority to punish TV shows and TV hosts for being mean to Republicans.

5/7/2026: Passkey-Adoption Report Finds Many Orgs Don’t Know How to Quit Passwords, PCMag

I had an advance copy of this FIDO Alliance survey but didn’t have time to write it up in advance; fortunately, Thursday did have enough idle time for me to get this post written and filed.

5/8/2026: Smart Homes In Practice: Bridging Design, Integration, And Market Promises With Real Human-Centered Living Outcomes, Smarter Infrastructure Summit

I had a brief trip to Chicago–well, its suburb Rosemont–for this small conference. I was a late addition to this panel, in which moderator Lisa An Wong quizzed me and architect Stephen Yas and connect-home integrator Corey Ardell about ways to get homes and the appliances in them thoughtfully wired.

5/9/2026: Matter Smart Home Standard Still Looks Immaterial At Retail, Smarter Infrastructure Summit

The title of this talk I did mirrors the story I did for PCMag almost three years ago; that post caught the attention of the conference organizers, and the chance to revisit the topic and get in some practice with doing a solo presentation led me to accept their travel-expenses-covered invitation.

#AmazonLeo #AndroidShow #ASTSpaceMobile #BrendanCarr #CTIA #CTIASummit #FIDOAlliance #Globalstar #GoogleIO #Matter #passkeys #passwords #SmarterInfrastructureSummit #Starlink #Vancouver #WebSummitVancouver #YVR

#amazonleo #androidshow #astspacemobile #brendancarr #ctia #ctiasummit

Rob Pegoraro @[email protected] · 2026-05-11 · 03:12 UTC

Weekly output: Google I/O teaser, satellite-to-phone services, passkeys, connected-home considerations, Matter

I’m spending a few days in cooler confines–Monday morning, I head to Vancouver for the second year of Web Summit’s conference there. And just like last year, I won’t have enough time to do much wandering around British Columbia’s largest city and taking in its stunningly beautiful mountains-and-sea scenery, because I have three panels to moderate over Tuesday and Wednesday (with the conference hosts paying for my hotel and reimbursing my airfare).

5/5/2026: Google Teases I/O Pregame Event. How to Watch ‘The Android Show’ on May 12, PCMag

This was one of the shortest posts I’ve written for PCMag, owing to the paucity of information in the brief teaser video Google published.

5/7/2026: FCC Chair: Starlink Isn’t Enough. We Need at Least 3 Satellite-to-Phone Services, PCMag

I spent Wednesday afternoon at the wireless trade group CTIA’s annual summit in Washington. Most of the talks on the program didn’t yield anything too newsworthy, but Federal Communications Commission chair Brendan Carr’s appearance met that bar even though he didn’t talk about his clumsy attempts to leverage the FCC’s broadcast licensing authority to punish TV shows and TV hosts for being mean to Republicans.

5/7/2026: Passkey-Adoption Report Finds Many Orgs Don’t Know How to Quit Passwords, PCMag

I had an advance copy of this FIDO Alliance survey but didn’t have time to write it up in advance; fortunately, Thursday did have enough idle time for me to get this post written and filed.

5/8/2026: Smart Homes In Practice: Bridging Design, Integration, And Market Promises With Real Human-Centered Living Outcomes, Smarter Infrastructure Summit

I had a brief trip to Chicago–well, its suburb Rosemont–for this small conference. I was a late addition to this panel, in which moderator Lisa An Wong quizzed me and architect Stephen Yas and connect-home integrator Corey Ardell about ways to get homes and the appliances in them thoughtfully wired.

5/9/2026: Matter Smart Home Standard Still Looks Immaterial At Retail, Smarter Infrastructure Summit

The title of this talk I did mirrors the story I did for PCMag almost three years ago; that post caught the attention of the conference organizers, and the chance to revisit the topic and get in some practice with doing a solo presentation led me to accept their travel-expenses-covered invitation.

#AmazonLeo #AndroidShow #ASTSpaceMobile #BrendanCarr #CTIA #CTIASummit #FIDOAlliance #Globalstar #GoogleIO #Matter #passkeys #passwords #SmarterInfrastructureSummit #Starlink #Vancouver #WebSummitVancouver #YVR

#amazonleo #androidshow #astspacemobile #brendancarr #ctia #ctiasummit

Rob Pegoraro @[email protected] · 2026-05-11 · 03:12 UTC

Weekly output: Google I/O teaser, satellite-to-phone services, passkeys, connected-home considerations, Matter

I’m spending a few days in cooler confines–Monday morning, I head to Vancouver for the second year of Web Summit’s conference there. And just like last year, I won’t have enough time to do much wandering around British Columbia’s largest city and taking in its stunningly beautiful mountains-and-sea scenery, because I have three panels to moderate over Tuesday and Wednesday (with the conference hosts paying for my hotel and reimbursing my airfare).

5/5/2026: Google Teases I/O Pregame Event. How to Watch ‘The Android Show’ on May 12, PCMag

This was one of the shortest posts I’ve written for PCMag, owing to the paucity of information in the brief teaser video Google published.

5/7/2026: FCC Chair: Starlink Isn’t Enough. We Need at Least 3 Satellite-to-Phone Services, PCMag

I spent Wednesday afternoon at the wireless trade group CTIA’s annual summit in Washington. Most of the talks on the program didn’t yield anything too newsworthy, but Federal Communications Commission chair Brendan Carr’s appearance met that bar even though he didn’t talk about his clumsy attempts to leverage the FCC’s broadcast licensing authority to punish TV shows and TV hosts for being mean to Republicans.

5/7/2026: Passkey-Adoption Report Finds Many Orgs Don’t Know How to Quit Passwords, PCMag

I had an advance copy of this FIDO Alliance survey but didn’t have time to write it up in advance; fortunately, Thursday did have enough idle time for me to get this post written and filed.

5/8/2026: Smart Homes In Practice: Bridging Design, Integration, And Market Promises With Real Human-Centered Living Outcomes, Smarter Infrastructure Summit

I had a brief trip to Chicago–well, its suburb Rosemont–for this small conference. I was a late addition to this panel, in which moderator Lisa An Wong quizzed me and architect Stephen Yas and connect-home integrator Corey Ardell about ways to get homes and the appliances in them thoughtfully wired.

5/9/2026: Matter Smart Home Standard Still Looks Immaterial At Retail, Smarter Infrastructure Summit

The title of this talk I did mirrors the story I did for PCMag almost three years ago; that post caught the attention of the conference organizers, and the chance to revisit the topic and get in some practice with doing a solo presentation led me to accept their travel-expenses-covered invitation.

#AmazonLeo #AndroidShow #ASTSpaceMobile #BrendanCarr #CTIA #CTIASummit #FIDOAlliance #Globalstar #GoogleIO #Matter #passkeys #passwords #SmarterInfrastructureSummit #Starlink #Vancouver #WebSummitVancouver #YVR

#yvr #websummitvancouver #vancouver #starlink #smarterinfrastructuresummit #passwords

Rob Pegoraro @[email protected] · 2026-05-11 · 03:12 UTC

Weekly output: Google I/O teaser, satellite-to-phone services, passkeys, connected-home considerations, Matter

I’m spending a few days in cooler confines–Monday morning, I head to Vancouver for the second year of Web Summit’s conference there. And just like last year, I won’t have enough time to do much wandering around British Columbia’s largest city and taking in its stunningly beautiful mountains-and-sea scenery, because I have three panels to moderate over Tuesday and Wednesday (with the conference hosts paying for my hotel and reimbursing my airfare).

5/5/2026: Google Teases I/O Pregame Event. How to Watch ‘The Android Show’ on May 12, PCMag

This was one of the shortest posts I’ve written for PCMag, owing to the paucity of information in the brief teaser video Google published.

5/7/2026: FCC Chair: Starlink Isn’t Enough. We Need at Least 3 Satellite-to-Phone Services, PCMag

I spent Wednesday afternoon at the wireless trade group CTIA’s annual summit in Washington. Most of the talks on the program didn’t yield anything too newsworthy, but Federal Communications Commission chair Brendan Carr’s appearance met that bar even though he didn’t talk about his clumsy attempts to leverage the FCC’s broadcast licensing authority to punish TV shows and TV hosts for being mean to Republicans.

5/7/2026: Passkey-Adoption Report Finds Many Orgs Don’t Know How to Quit Passwords, PCMag

I had an advance copy of this FIDO Alliance survey but didn’t have time to write it up in advance; fortunately, Thursday did have enough idle time for me to get this post written and filed.

5/8/2026: Smart Homes In Practice: Bridging Design, Integration, And Market Promises With Real Human-Centered Living Outcomes, Smarter Infrastructure Summit

I had a brief trip to Chicago–well, its suburb Rosemont–for this small conference. I was a late addition to this panel, in which moderator Lisa An Wong quizzed me and architect Stephen Yas and connect-home integrator Corey Ardell about ways to get homes and the appliances in them thoughtfully wired.

5/9/2026: Matter Smart Home Standard Still Looks Immaterial At Retail, Smarter Infrastructure Summit

The title of this talk I did mirrors the story I did for PCMag almost three years ago; that post caught the attention of the conference organizers, and the chance to revisit the topic and get in some practice with doing a solo presentation led me to accept their travel-expenses-covered invitation.

#AmazonLeo #AndroidShow #ASTSpaceMobile #BrendanCarr #CTIA #CTIASummit #FIDOAlliance #Globalstar #GoogleIO #Matter #passkeys #passwords #SmarterInfrastructureSummit #Starlink #Vancouver #WebSummitVancouver #YVR

#amazonleo #androidshow #astspacemobile #brendancarr #ctia #ctiasummit

Erik van Straten @[email protected] · 2026-05-10 · 21:03 UTC

@jtb : an increasing number of people I know do no longer use desktops (that is, at home). An iPhone and an iPad, or an Android phone (and optionally a Chromebook), suffice for most people.

Commercial password managers will try to lock you in as a customer, while using open source (such as KeePass compatible) apps leads to other risks (such as stopped maintenance or malicious take over).

Most people I know even refuse to use password managers because of their complexity - while they enormously underestimate their risks by using one or a few weak passwords written on paper or stored in excel sheets.

Some of them feel betrayed after being advised to use TOTP 2FA - which is not phishing resistant, effectively *is* a password manager, too often without backups (of the shared secrets) being made, leading to account lockout after losing their phones (or app malfunction). And I'm not even considering privacy invasive and insecure TOTP apps such as Authy.

Nobody warned them of risks associated with TOTP, as nobody warns them for the risks that come with passkeys. People are, IMO, righfully not interested in the crap the industry is trying to enforce on them.

@rmondello @brandonbutler

#Passkeys #AccountLockout #Authentication #TOTP #Authy

#passkeys #accountlockout #authentication #totp #authy

Erik van Straten @[email protected] · 2026-05-10 · 21:03 UTC

@jtb : an increasing number of people I know do no longer use desktops (that is, at home). An iPhone and an iPad, or an Android phone (and optionally a Chromebook), suffice for most people.

Commercial password managers will try to lock you in as a customer, while using open source (such as KeePass compatible) apps leads to other risks (such as stopped maintenance or malicious take over).

Most people I know even refuse to use password managers because of their complexity - while they enormously underestimate their risks by using one or a few weak passwords written on paper or stored in excel sheets.

Some of them feel betrayed after being advised to use TOTP 2FA - which is not phishing resistant, effectively *is* a password manager, too often without backups (of the shared secrets) being made, leading to account lockout after losing their phones (or app malfunction). And I'm not even considering privacy invasive and insecure TOTP apps such as Authy.

Nobody warned them of risks associated with TOTP, as nobody warns them for the risks that come with passkeys. People are, IMO, righfully not interested in the crap the industry is trying to enforce on them.

@rmondello @brandonbutler

#Passkeys #AccountLockout #Authentication #TOTP #Authy

#passkeys #accountlockout #authentication #totp #authy

Erik van Straten @[email protected] · 2026-05-10 · 21:03 UTC

@jtb : an increasing number of people I know do no longer use desktops (that is, at home). An iPhone and an iPad, or an Android phone (and optionally a Chromebook), suffice for most people.

Commercial password managers will try to lock you in as a customer, while using open source (such as KeePass compatible) apps leads to other risks (such as stopped maintenance or malicious take over).

Most people I know even refuse to use password managers because of their complexity - while they enormously underestimate their risks by using one or a few weak passwords written on paper or stored in excel sheets.

Some of them feel betrayed after being advised to use TOTP 2FA - which is not phishing resistant, effectively *is* a password manager, too often without backups (of the shared secrets) being made, leading to account lockout after losing their phones (or app malfunction). And I'm not even considering privacy invasive and insecure TOTP apps such as Authy.

Nobody warned them of risks associated with TOTP, as nobody warns them for the risks that come with passkeys. People are, IMO, righfully not interested in the crap the industry is trying to enforce on them.

@rmondello @brandonbutler

#Passkeys #AccountLockout #Authentication #TOTP #Authy

#passkeys #accountlockout #authentication #totp #authy

Erik van Straten @[email protected] · 2026-05-10 · 21:03 UTC

@jtb : an increasing number of people I know do no longer use desktops (that is, at home). An iPhone and an iPad, or an Android phone (and optionally a Chromebook), suffice for most people.

Commercial password managers will try to lock you in as a customer, while using open source (such as KeePass compatible) apps leads to other risks (such as stopped maintenance or malicious take over).

Most people I know even refuse to use password managers because of their complexity - while they enormously underestimate their risks by using one or a few weak passwords written on paper or stored in excel sheets.

Some of them feel betrayed after being advised to use TOTP 2FA - which is not phishing resistant, effectively *is* a password manager, too often without backups (of the shared secrets) being made, leading to account lockout after losing their phones (or app malfunction). And I'm not even considering privacy invasive and insecure TOTP apps such as Authy.

Nobody warned them of risks associated with TOTP, as nobody warns them for the risks that come with passkeys. People are, IMO, righfully not interested in the crap the industry is trying to enforce on them.

@rmondello @brandonbutler

#Passkeys #AccountLockout #Authentication #TOTP #Authy

#passkeys #accountlockout #authentication #totp #authy

Erik van Straten @[email protected] · 2026-05-10 · 19:52 UTC

@rmondello : what makes passkeys strong:

1. Software checks the domain name, which makes phishing hard;

2. Https is enforced, which helps prevent AitM attacks (unless Cloudflare et al. come into play);

3. A unique, long, unguessible, randomly generated "password" (public key) per account: dumb password rules and broken human RNG's no longer apply.

The rest is marketing (including the -hyped- asymmetric cryptography).

The "advantage" of denying the owner access to their own private keys hardly makes sense as long as session cookies are not device-bound.

The disadvantage of not being able to back up ones own private keys is the risk of vendor lock-in and the underestimated huge risk of account lockout [1]. And the latter leads to the necessity of being able to log in using weak authentication after the user loses access to their private keys.

@brandonbutler

[1] https://seclists.org/fulldisclosure/2024/Feb/15

#Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports

#passkeys #phishing #phishingresistant #asymmetriccryptography #androidpasskeys #androidpasskeysgone

Seymour @[email protected] · 2026-05-10 · 13:06 UTC

Was genau ist ein Passkey?

Ein Passkey ist eine moderne und deutlich sicherere Alternative zum klassischen Passwort.

Anstatt sich komplizierte Passwörter merken zu müssen, meldet man sich einfach mit dem eigenen Gerät an – zum Beispiel per Fingerabdruck, Gesichtserkennung oder Geräte-PIN.

Der Passkey wird dabei sicher auf Ihrem Smartphone, Passwort-Manager oder Computer gespeichert.

Wie funktioniert das?

Vereinfacht gesagt bekommt jede Website zwei digitale Schlüssel:

Einen öffentlichen Schlüssel, den die Website speichert

Einen privaten Schlüssel, der nur auf Ihrem Gerät bleibt

Der private Schlüssel verlässt Ihr Gerät niemals.

[…]

#1password #ActivityPubPlugin #authentifizierung #bitwarden #blog #datenschutz #FediBlog #keepass #keepassdx #keepassxc #login #passkey #passkeys #passwort #passwörter #phishingschutz #sicherheit #wordpressBlog #WordPressFederation

Link zum kompletten Beitrag: https://mapf.net/u54k

#1password #activitypubplugin #authentifizierung #bitwarden #blog #datenschutz