#secureauthentication – Public Fediverse posts
Live and recent posts from across the Fediverse tagged #secureauthentication, aggregated by home.social.
-
@pake_preacher : I forgot the details of PAKE and SRP, but in the end the most secure client authentication requires:
1️⃣ Strong, long term, human comprehensible, *serving endpoint* authentication;
*AND*
2️⃣ TLS channel binding (enforcing known endpoints). (Apart from those, both serving endpoint AND client MUST be trustworthy.)
🚨 The -corrupt- CA/B forum breaks 1️⃣ by:
a) Advocating anonymous Domain Validated certificates, which render secure account creation IMPOSSIBLE;
b) Continuously decreasing certificate lifetime.
🚨 Furthermore, "legitimate" MitMs * break 2️⃣.
* Man in the Middle, like on-device virus scanners and firewalls that "open" TLS tunnels (both requiring installation of a dedicated root certificate) and proxies such as (definitely not limited to) Cloudflare and Fastly.
😱 Passkeys enforce NEITHER 1️⃣ NOR 2️⃣.
😱😱 Worse, because passkeys (or FIDO2 hardware keys) can be easily irretrievably "lost", servers typically provide WAY EASIER phishable authentication methods (such as "rescue codes").
#AitM #MitM #SecureOnlineAuthIsHARD #SecureAuthentication #OnlineAuthentication #Authentication #Impersonation #ChannelBinding #TLSchannelBinding #UTM #TLS #TLSinterception #TLSscanning #Proxy #Proxies #GoogleIsEvil #CloudflareIsEvil
-
What Are ZK-Proofs? A Guide to Blockchain Privacy
https://jivoice.com/what-are-zk-proofs-blockchain-privacy/
#cryptographicproof #blockchainprivacy #cryptocurrencysecurity #layer2scaling #decentralizedidentity #verifiablecomputation #zeroknowledgeproofs #secureauthentication #ethereumprivacy #zkSTARKs
-
Modern Password Security Threats: Protecting Your Digital Identity 🕵️‍♂️ 🛡️ 🚨
Cybercriminals use sneaky techniques to crack passwords and gain access to accounts. Here are the most common attacks:
⚔️ Brute Force – Tries every possible password
Dictionary Attack – Uses common words & phrases
Rainbow Table – Cracks password hashes
Shoulder Surfing – Spies on you while typing
⌨️ Keylogging – Records everything you type
🎯 Password Spraying – Tests common passwords on many accounts
Social Engineering – Tricks you into revealing passwords
🎣 Phishing – Fake emails & websites steal your login
Credential Stuffing – Uses leaked passwords from breaches
🕵️ Man-in-the-Middle – Intercepts data over networks
🛡️ Stay Safe! Use strong, unique passwords, enable 2FA, and beware of phishing scams.
Which attack surprised you the most? Let's discuss in the comments! ⬇️
⚠️ This content is shared strictly for educational and informational purposes only. All information is provided to help individuals and organizations better protect themselves against security threats. The techniques discussed are presented solely to improve awareness and defensive measures, not to facilitate any unauthorized access.
#PasswordSecurity #CyberSecurity #DataProtection #SecureAuthentication #IdentityProtection #InfoSec #PhishingAwareness #CyberDefense #MFA #DigitalSafety