#phishingresistant — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #phishingresistant, aggregated by home.social.
-
@WeirdWriter : thank you for demystifying the asymmetric cryptography aspect of passkeys.
See also https://todon.nl/@ErikvanStraten/116552022706029032
#Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports
-
@WeirdWriter : thank you for demystifying the asymmetric cryptography aspect of passkeys.
See also https://todon.nl/@ErikvanStraten/116552022706029032
#Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports
-
@WeirdWriter : thank you for demystifying the asymmetric cryptography aspect of passkeys.
See also https://todon.nl/@ErikvanStraten/116552022706029032
#Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports
-
@WeirdWriter : thank you for demystifying the asymmetric cryptography aspect of passkeys.
See also https://todon.nl/@ErikvanStraten/116552022706029032
#Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports
-
@rmondello : what makes passkeys strong:
1. Software checks the domain name, which makes phishing hard;
2. Https is enforced, which helps prevent AitM attacks (unless Cloudflare et al. come into play);
3. A unique, long, unguessible, randomly generated "password" (public key) per account: dumb password rules and broken human RNG's no longer apply.
The rest is marketing (including the -hyped- asymmetric cryptography).
The "advantage" of denying the owner access to their own private keys hardly makes sense as long as session cookies are not device-bound.
The disadvantage of not being able to back up ones own private keys is the risk of vendor lock-in and the underestimated huge risk of account lockout [1]. And the latter leads to the necessity of being able to log in using weak authentication after the user loses access to their private keys.
[1] https://seclists.org/fulldisclosure/2024/Feb/15
#Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports
-
@rmondello : what makes passkeys strong:
1. Software checks the domain name, which makes phishing hard;
2. Https is enforced, which helps prevent AitM attacks (unless Cloudflare et al. come into play);
3. A unique, long, unguessible, randomly generated "password" (public key) per account: dumb password rules and broken human RNG's no longer apply.
The rest is marketing (including the -hyped- asymmetric cryptography).
The "advantage" of denying the owner access to their own private keys hardly makes sense as long as session cookies are not device-bound.
The disadvantage of not being able to back up ones own private keys is the risk of vendor lock-in and the underestimated huge risk of account lockout [1]. And the latter leads to the necessity of being able to log in using weak authentication after the user loses access to their private keys.
[1] https://seclists.org/fulldisclosure/2024/Feb/15
#Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports
-
@rmondello : what makes passkeys strong:
1. Software checks the domain name, which makes phishing hard;
2. Https is enforced, which helps prevent AitM attacks (unless Cloudflare et al. come into play);
3. A unique, long, unguessible, randomly generated "password" (public key) per account: dumb password rules and broken human RNG's no longer apply.
The rest is marketing (including the -hyped- asymmetric cryptography).
The "advantage" of denying the owner access to their own private keys hardly makes sense as long as session cookies are not device-bound.
The disadvantage of not being able to back up ones own private keys is the risk of vendor lock-in and the underestimated huge risk of account lockout [1]. And the latter leads to the necessity of being able to log in using weak authentication after the user loses access to their private keys.
[1] https://seclists.org/fulldisclosure/2024/Feb/15
#Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports
-
@rmondello : what makes passkeys strong:
1. Software checks the domain name, which makes phishing hard;
2. Https is enforced, which helps prevent AitM attacks (unless Cloudflare et al. come into play);
3. A unique, long, unguessible, randomly generated "password" (public key) per account: dumb password rules and broken human RNG's no longer apply.
The rest is marketing (including the -hyped- asymmetric cryptography).
The "advantage" of denying the owner access to their own private keys hardly makes sense as long as session cookies are not device-bound.
The disadvantage of not being able to back up ones own private keys is the risk of vendor lock-in and the underestimated huge risk of account lockout [1]. And the latter leads to the necessity of being able to log in using weak authentication after the user loses access to their private keys.
[1] https://seclists.org/fulldisclosure/2024/Feb/15
#Passkeys #Phishing #PhishingResistant #AsymmetricCryptography #AndroidPasskeys #androidPasskeysGone #iOSpasskeys #iPadOSpasskeys #ApplePasskeys #BackUp #Export #BackUpPasskeys #ExportPassKeys #PasskeyBackUps #PasskeyExports
-
PASSKEYS, HOE DAN EN WAAROM?
Zojuist heb ik geprobeerd om in https://security.nl/posting/929755 uit te leggen hoe passkeys werken, en wat de voor/nadelen zijn.
Boosten van deze toot wordt gewaardeerd!
#Passkeys #WebAuthn #FIDO2 #Yubikey #Phishing #PhishingResistant #PhishingResistance #InfoSec
-
PASSKEYS, HOE DAN EN WAAROM?
Zojuist heb ik geprobeerd om in https://security.nl/posting/929755 uit te leggen hoe passkeys werken, en wat de voor/nadelen zijn.
Boosten van deze toot wordt gewaardeerd!
#Passkeys #WebAuthn #FIDO2 #Yubikey #Phishing #PhishingResistant #PhishingResistance #InfoSec
-
PASSKEYS, HOE DAN EN WAAROM?
Zojuist heb ik geprobeerd om in https://security.nl/posting/929755 uit te leggen hoe passkeys werken, en wat de voor/nadelen zijn.
Boosten van deze toot wordt gewaardeerd!
#Passkeys #WebAuthn #FIDO2 #Yubikey #Phishing #PhishingResistant #PhishingResistance #InfoSec
-
PASSKEYS, HOE DAN EN WAAROM?
Zojuist heb ik geprobeerd om in https://security.nl/posting/929755 uit te leggen hoe passkeys werken, en wat de voor/nadelen zijn.
Boosten van deze toot wordt gewaardeerd!
#Passkeys #WebAuthn #FIDO2 #Yubikey #Phishing #PhishingResistant #PhishingResistance #InfoSec
-
𝐃𝐈𝐅𝐅𝐄𝐑𝐄𝐍𝐂𝐄 𝐁𝐄𝐓𝐖𝐄𝐄𝐍 𝐌𝐅𝐀 𝐀𝐍𝐃 𝐏𝐇𝐈𝐒𝐇𝐈𝐍𝐆-𝐑𝐄𝐒𝐈𝐒𝐓𝐀𝐍𝐓 𝐌𝐅𝐀
Phishing is a very popular technique of attackers. They trick the user into entering their credentials on some fraudulent site pretending to be a corporate login page, for example to log into Microsoft Entra ID. The user enters their login credentials there and sends them to the attacker.
📺 Watch my YouTube video where I show the difference between MFA and phishing-resistant MFA 👇 👇
https://youtu.be/NGx6tRKtEFI#cswrld #video #mfa #phishing #authentication #phishingresistant #entraid
-
𝐃𝐈𝐅𝐅𝐄𝐑𝐄𝐍𝐂𝐄 𝐁𝐄𝐓𝐖𝐄𝐄𝐍 𝐌𝐅𝐀 𝐀𝐍𝐃 𝐏𝐇𝐈𝐒𝐇𝐈𝐍𝐆-𝐑𝐄𝐒𝐈𝐒𝐓𝐀𝐍𝐓 𝐌𝐅𝐀
Phishing is a very popular technique of attackers. They trick the user into entering their credentials on some fraudulent site pretending to be a corporate login page, for example to log into Microsoft Entra ID. The user enters their login credentials there and sends them to the attacker.
📺 Watch my YouTube video where I show the difference between MFA and phishing-resistant MFA 👇 👇
https://youtu.be/NGx6tRKtEFI#cswrld #video #mfa #phishing #authentication #phishingresistant #entraid
-
𝐃𝐈𝐅𝐅𝐄𝐑𝐄𝐍𝐂𝐄 𝐁𝐄𝐓𝐖𝐄𝐄𝐍 𝐌𝐅𝐀 𝐀𝐍𝐃 𝐏𝐇𝐈𝐒𝐇𝐈𝐍𝐆-𝐑𝐄𝐒𝐈𝐒𝐓𝐀𝐍𝐓 𝐌𝐅𝐀
Phishing is a very popular technique of attackers. They trick the user into entering their credentials on some fraudulent site pretending to be a corporate login page, for example to log into Microsoft Entra ID. The user enters their login credentials there and sends them to the attacker.
📺 Watch my YouTube video where I show the difference between MFA and phishing-resistant MFA 👇 👇
https://youtu.be/NGx6tRKtEFI#cswrld #video #mfa #phishing #authentication #phishingresistant #entraid
-
𝐃𝐈𝐅𝐅𝐄𝐑𝐄𝐍𝐂𝐄 𝐁𝐄𝐓𝐖𝐄𝐄𝐍 𝐌𝐅𝐀 𝐀𝐍𝐃 𝐏𝐇𝐈𝐒𝐇𝐈𝐍𝐆-𝐑𝐄𝐒𝐈𝐒𝐓𝐀𝐍𝐓 𝐌𝐅𝐀
Phishing is a very popular technique of attackers. They trick the user into entering their credentials on some fraudulent site pretending to be a corporate login page, for example to log into Microsoft Entra ID. The user enters their login credentials there and sends them to the attacker.
📺 Watch my YouTube video where I show the difference between MFA and phishing-resistant MFA 👇 👇
https://youtu.be/NGx6tRKtEFI#cswrld #video #mfa #phishing #authentication #phishingresistant #entraid
-
FIDO2 has been getting a lot of mention lately. But do you know what FIDO2 is and what its benefits are?
FIDO2 is to some extent the future of authentication. It's authentication without the use of a username and password. Without the need for an additional factor. Yet it's authentication that is resistant to phishing attacks.
-
FIDO2 has been getting a lot of mention lately. But do you know what FIDO2 is and what its benefits are?
FIDO2 is to some extent the future of authentication. It's authentication without the use of a username and password. Without the need for an additional factor. Yet it's authentication that is resistant to phishing attacks.
-
FIDO2 has been getting a lot of mention lately. But do you know what FIDO2 is and what its benefits are?
FIDO2 is to some extent the future of authentication. It's authentication without the use of a username and password. Without the need for an additional factor. Yet it's authentication that is resistant to phishing attacks.
-
FIDO2 has been getting a lot of mention lately. But do you know what FIDO2 is and what its benefits are?
FIDO2 is to some extent the future of authentication. It's authentication without the use of a username and password. Without the need for an additional factor. Yet it's authentication that is resistant to phishing attacks.