home.social

#passwordless — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #passwordless, aggregated by home.social.

  1. This World Passkey Day, take a moment to thank your passwords for their years of service. Then, escort them gently to retirement before they reset themselves for the 14th time this quarter.

    To every company still making users create complex passwords with inscrutable complexity rules, consider this your friendly intervention. The passwordless future is already here. Passkeys are making sign-ins faster, phishing-resistant, and dramatically less painful for users everywhere. That means fewer “Forgot Password?” clicks and fewer support tickets fueled by existential despair.

    The time is now. Stop treating passkeys like a “coming soon” feature and start treating passwords like fax machines with better PR.

    Happy #WorldPasskeyDay from all of us here at the FIDO Alliance.

    #Passkeys #Passwordless #Authentication #Cybersecurity

  2. Why we still use passwords even though everyone hates them

    Everyone complains about passwords but keeps typing them. Even where tokens, OAuth and biometrics already exist, the familiar "Enter password" prompt hasn't gone anywhere. It seems we've gotten used to the pain, but there are quite rational reasons for this persistence… Come in and I'll tell you the true story of the mainframe era, Unix technical debt and the illusion of passwordless access, and I'll also go over the replacements and share some great password utilities. Read more

    habr.com/ru/companies/ruvds/ar

    #ruvds_статьи #пароли #аутентификация #unix #linux #pam #devops #системное_администрирование #passwordless #администрирование

  5. The SeedKey ecosystem, or how to improve passwordless authentication

    Why is passwordless authentication with device keys not more widespread? And why are websites reluctant to adopt it? In this article we'll try to work out the answers to these questions, and I'll tell you about my experiment to fix this.

    habr.com/ru/articles/984456/

    #webauthn #passkeys #беспарольная_аутентификация #passwordless #browser_extensions #fido #helm_chart #seedkey #ctap #sdk

  9. Second edition of the Worteks Identity Club: a success!

    Thank you to all our users who came to share their IDs! Special thanks to the 4 speakers for sharing their experience of implementing @lemonldapng @ltb_project or @lsc_project.

    Find the presentation slides in our conferences section: worteks.com/opensource/confere

    #OpenSource #Identity #LemonLDAP #Passwordless #LDAP #SSO #OpenLDAP @clementoudot @dcoutadeur @elecharny

  10. React-like functional webcomponents, but with vanilla HTML, JS and CSS

    Introducing Dim – a new #Framework that brings #ReactJS-like functional #JSX-syntax with #VanillaJS. Check it out here:
    🔗 Project: github.com/positive-intentions
    🔗 Website: dim.positive-intentions.com

    My journey with #WebComponents started with Lit, and while I appreciated its native browser support (less #Tooling!), coming from #ReactJS, the class components felt like a step backward. The #FunctionalProgramming approach in React significantly improved my #DeveloperExperience and debugging flow.

    So, I set out to build a thin, functional wrapper around #Lit, and Dim is the result! It's a #ProofOfConcept right now, with "main" #Hooks similar to React, plus some custom ones like useStore for #EncryptionAtRest. (Note: #StateManagement for encryption-at-rest is still unstable and currently uses a hardcoded password while I explore #Passwordless options like #WebAuthn/#Passkeys).

    You can dive deeper into the #Documentation and see how it works here:
    📚 Dim Docs: positive-intentions.com/docs/c

    This #OpenSource project is still in its early stages and very #Unstable, so expect #BreakingChanges. I've already received valuable #Feedback on some functions regarding #Security, and I'm actively investigating those. I'm genuinely open to all feedback as I continue to develop it!

    #FrontendDev #JSFramework #Innovation #Coding #Programmer #Tech

  11. 🍋 LemonLDAP::NG 2.21 is out!

    📃 This new release includes improvements on OpenID Connect and CAS protocols, Loki logger, public notifications and much more.

    🔗 Read our release notes: projects.ow2.org/view/lemonlda

    @ow2 @worteks_com

  12. @dawisco maybe it will propel mastodon to develop some options for people? it could be great - more e2ee and fiber will help security, it is a cheap investment for what you get back #national security issues #tech race #passwordless trends #alice and bob #bb84

  13. 🎙️ Today we had the pleasure of taking part in the recording of an episode of the podcast "Tout est sous CTRL", produced by our friends at Centreon.

    Interviewed by Vincent Untz, @clementoudot came to talk about identity and access management (IAM), multi-factor authentication (2FA/MFA) and PasswordLess, but above all about Open Source!

    @ow2 @opensource_experts @fsfe

    #OpenSource #IAM #FreeSoftware #2FA #MFA #PasswordLess #IGA #LDAP #SSO #WebSSO #SAML #OpenIDConnect

  14. Weekly output: Boom Supersonic’s XB-1, Comcast low latency, painstaking passkey progress

    This has been a strange, sad and shocking week in the nation’s capital–first the mid-air collision outside National Airport Wednesday that left 67 people dead and ended a nearly 16-year streak without fatal crashes by U.S. airlines, then Elon Musk’s attempts to stage what I have to call a digital coup at the Treasury Department and the Agency for International Development.

    Patreon readers got an extra post this week: my annual breakdown of last year’s income according to the business models of my freelance clients.

    1/28/2025: Boom Supersonic’s XB-1 Testbed Plane Breaks the Sound Barrier, PCMag

    Having Boom bump this test flight from Monday to Tuesday gave me a little extra time to check two descriptions of the XB-1: “independently developed” (Boom did this without government dollars or direction, unlike the Northrop F-20 fighter that was built with private money but was based on the earlier, taxpayer-funded F-5, and which that company developed at the request of the Pentagon) and “exceed Mach 1” (XB-1 sustained that achievement in level flight, unlike the Bombardier business-jet prototype that cracked the sound barrier in shallow dives in 2021).

    1/29/2025: Comcast Upgrade Promises Ultra-Low Lag Xfinity Internet for Video Calls, VR, Games, PCMag

    Comcast’s announcement of this new feature was shockingly short on details, but a company publicist was willing to answer e-mail after e-mail as I realized the data points I needed to write this post.

    2/1/2025: The Passkey Future Is Here, But Some Companies Still Make It Too Complicated, PCMag

    A year after I interviewed FIDO Alliance CEO Andrew Shikiar at a conference in D.C. about identity and authentication, I sat down with him at the 2025 version of this conference to discuss what the industry had and had not accomplished since January.

    #AndrewShikiar #authentication #BoomSupersonic #Comcast #FIDOAlliance #infosec #lowLag #lowLatency #Mach1 #passkeys #passwordless #supersonic #XB1

  15. I'm looking for a good overview/comparison of different #MFA/#2FA or #PasswordLess authentication protocols.

    The recent #Fido2 #MitM risk made me aware that I need to learn more.

    Pointers and #BoostWelcome

    #fedipower #wisdomOfTheCrowd #FollowerPower

    As the best way to get an answer on the internet is to state something wrong, let's try this 😜

    #FIDO and FIDO2 are actually a whole set of (related?) protocols.
    FIDO includes FIDO #UAF (Universal Authentication Framework) and FIDO #U2F (Universal Second Factor).

    FIDO2 is the "successor" of FIDO and consists of two parts.
    #WebAuthn and #CTAP (Client to Authenticator Protocol). From the name I would guess that WebAuthn is for web stuff (requiring browser support) and CTAP is for IT infrastructure stuff (???)

    #Passkey is based on #Fido2
    Other related concepts or protocols are #OTP (one-time passwords), #TOTP (Time-based One-time Password) and #HOTP (“H” in HOTP stands for Hash-based Message Authentication Code (HMAC))

    Not sure how #SmartCards play into this.

    And not sure which of these methods would work for an offline authentication login into your laptop (and ideally also as key for whole disk encryption)

  20. When implementing #WebAuthn on an Identity Provider's side, where exactly should one draw the line between #SecurityKey and #Passkey? I see that most platforms make a distinction between those. Can anyone link me some article or blog post on this topic? If I were to implement security key and passkey support on a provider that does not yet support any WebAuthn, should I go down the same route?

    My current assumption is that during passkey registration you'd set "residentKey = required" and "userVerification = required", whereas for a security key you'd set "residentKey = discouraged" and "userVerification = preferred".

    Also, I'm assuming that a security key can also function as a form of #passwordless multi-factor authentication if UV was true during registration AND authentication. Obviously without the neat part of Passkeys where you don't have to manually enter the username.

    #IAM #Authentication

  21. Reminder to anyone who has purchased a new #iPhone and uses #passwordless or the #microsoft authenticator app for #mfa for corporate #office365 or #EntraID

    iPhone backups/transfers will not rehydrate the app.

    Make sure you have a backup strong auth method.

    #m365 #azuread #azure #aad #microsoft365 #entra #infosec #consulting

  22. proton.me/blog/universal-2nd-f

    Proton has a nice beginner's guide to Universal 2 Factor authentication, what it is, and why you should use it. In addition to the basics, it covers some concepts such as FIDO, FIDO2 and how to use them.

    #FIDO #FIDOU2F #FIDO2 #SecurityKey #Passwordless

  23. I’ve recently finished an exciting strategic engagement with a well-known retailer in the UK. The project focused on delivering a modern #iam strategy and roadmap. Key technologies included #pim #aad #entitlementmanagement #identitygovernance and #passwordless.

    I’ve started a #blog that covers the journey. The first one is live on my site, if you fancy a read:

    paulsanders.co.uk/tales-from-t

  24. @mariusor
    there is one more interesting blockchain, #credentia credentia.io/?lang=en , it is based on #DIDs (Decentralized Identifiers). Not sure if they are #passwordless , but it looks more robust than #keybase