@cyrillebesson
I’m a #passkeys superfan, and I’ll say quite honestly: they still have problems, but for the cases where they work, they are clearly better than the alternative and have very few downsides.
For sites where you already use a strong password and 2FA, passkeys get you in faster, and you can still keep your password and 2FA for the cases when the passkey doesn’t work. You are probably already using a password vault and you take care not to get phished, so mostly it’s a convenience, but still a bit better.
For users who aren’t using a password vault and haven’t set up 2FA, maybe not you but someone in your family, passkeys are more secure than what they are using now. Use them for your important accounts, for money or for validating your identity to other sites, and coach your family members to use passkeys where available. Banks, email, mobile phone, shopping. For other places that don’t have passkeys, you can also secure them better by linking to Google.
Hey techos
Is it worth switching to passkeys?
Tired of managing passwords and 2FA codes?
Passkeys are the secure, phishing-proof future.
Biometric login
Device-based keys
Already supported by major platforms
Dive deeper at https://betweenthehacks.com/passkeys
#webauthn #FIDO2 #passkeys extensions txAuthSimple and txAuthGeneric were never implemented by browsers because no token used them, so they were removed from the specification.
There is not much hope; the issue asking for a change has been closed. https://github.com/w3c/webauthn/pull/2020
Last fall, the FIDO Alliance announced a new system for importing and exporting passkeys across devices and platforms. The Google Password Manager now shows signs of work towards implementing just such a system.
#passkeys #security #google #password
https://www.androidauthority.com/passkey-import-3540069/
Google's making it easy to securely export/import passkeys and passwords from other password managers.
This follows FIDO's October 2024 draft, which introduced specifications for secure passkey transfers between providers.
Details- https://www.androidauthority.com/moving-passkeys-future-updates-3491428/
@publicvoit @keno3003
I have 2 FIDO2 hardware tokens and am enthusiastic about them. Well suited for the average user. Very easy to use. A pity that not many more providers make use of them.
For comparison: I failed with TOTP. It is more involved, and if you don't know exactly how it works, you can easily lock yourself out (don't forget to save the backup key immediately when setting it up).
#fido2 #token #passkeys #security
@keno3003 (2/2) The only protection against this is to use physical #FIDO2 tokens ("device-bound passkeys", and only in the "roaming authenticator" variant!), which rule out reading out the secret in principle. So this is the only truly phishing-resistant authentication method.
IMO, the tips at the end of the video should therefore be different *with a focus on security*:
- best get 2 #FIDO2 hardware tokens and use them for all #Passkeys (for #IDAustria in Austria: https://www.oesterreich.gv.at/dam/jcr:972a25a0-65e6-4c2e-9422-a2e02ce16f2d/20230613_ID-Austria_FIDO.pdf)
- don't use phishing-prone fallback mechanisms: i.e. only the 2nd FIDO2 token
- any 2FA is better than none
- never send passwords to the cloud (cloud password managers)
HTH
@keno3003 re "Das Problem mit Passkeys" (The problem with passkeys) https://www.youtube.com/watch?v=u7Ti-Jc-b3A&pp=ygUYZGFzIHByb2JsZW0gYmVpIHBhc3NrZXlz
Sorry, but it is unfortunately not true that #Passkeys are always absolutely resistant to #Phishing.
https://arxiv.org/abs/2501.07380
"Another concern could be social engineering, where a user is tricked into sharing a passkey with an account controlled by an attacker."
In my interpretation, transferring passkeys to other people therefore clearly enables phishing methods. They may not have shown up in practice yet, but they certainly cannot be ruled out.
(1/2)
Top Passwordless Identity Assurance Trends for 2025 – Source: securityboulevard.com https://ciso2ciso.com/top-passwordless-identity-assurance-trends-for-2025-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #identityverification #CompanyHighlights #CyberSecurityNews #SecurityBoulevard #Identity&Access #authentication #Industrynews #passwordless #Perspectives #Passkeys #SBNNews #FIDO
I was surprised last night to see that the latest YubiKeys support 100 #Passkeys, as opposed to the previous limit of 32, but it still doesn't feel like the best solution.
Am I the only one who is absolutely starting to hate #passkeys? Every time it's a dance to figure out which one or more passkeys I used with service X. Is it my phone, Bitwarden, one of my YubiKeys, my Mac or a Chrome profile?
It's 'Log in with Google/Facebook/etc' all over again...
Speaking of #Passkeys: c't 3003 dealt with the topic of synchronising key material in its latest video. The options offered by vendor clouds or your own password manager are shown briefly. In terms of user experience, however, cross-device use of passkeys still doesn't get such a good grade...
I recently recommended the talk on #Passkeys at #clt2025; they can be used for #2fa or, with some providers, as the sole authentication method. You can also watch the talk afterwards. Link and materials are here: https://chemnitzer.linux-tage.de/2025/de/programm/beitrag/188
PCWorld: #Microsoft is streamlining #logins for Windows, #Xbox, and #M365 (moving towards passwordless, i.e. "#passkeys")
https://www.pcworld.com/article/2651646/microsoft-is-streamlining-logins-for-windows-xbox-and-m365.html
Microsoft Unifies Sign-In Systems for Windows, Xbox, and Microsoft 365
#Microsoft #Windows11 #Xbox #Microsoft365 #Passkeys #CyberSecurity #Authentication #BigTech
About Troy Hunt being phished.
He noticed that his password manager's autocomplete didn't trigger, he ignored it, and says that phishing-resistant #passkeys would solve this. True, but I have encountered on many occasions that passkeys simply don't work for whatever reason, and I have to fall back to using OTP, defeating the whole point.
RE: https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/
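Two posts above (the one quoting the arXiv paper on passkey sharing, and the one on Troy Hunt's phish) turn on what "phishing-resistant" actually means for a passkey. The resistance comes from checks the relying party performs on every assertion: the browser stamps the page's origin into clientDataJSON, the authenticator hashes the RP ID it bound the credential to into authenticatorData, and the server compares both against its own identity. The following is an added example, not code from any post, product or paper mentioned on this page; all sample values (RP ID, origin, challenge, the assembled byte strings) are constructed here for the demonstration. It shows the binding checks only; the signature over authenticatorData || SHA-256(clientDataJSON) is verified separately and is omitted, and none of these checks say anything about a private key that a user has voluntarily exported or shared, which is the separate concern raised above.

```python
import hashlib
import json
import struct

# Constructed sample values for the demonstration; not captured WebAuthn traffic.
RP_ID = "example.com"
EXPECTED_ORIGIN = "https://example.com"
CHALLENGE = "c29tZS1yYW5kb20tY2hhbGxlbmdl"  # base64url challenge the server issued

FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified


def build_authenticator_data(rp_id: str, flags: int = FLAG_UP | FLAG_UV, sign_count: int = 7) -> bytes:
    """Assemble the fixed 37-byte prefix of WebAuthn authenticatorData:
    rpIdHash (32) || flags (1) || signCount (4, big-endian).
    A real authenticator hashes the RP ID it actually bound the credential to."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)


def build_client_data_json(origin: str, challenge: str) -> bytes:
    """Assemble the clientDataJSON the browser produces. The origin is filled in
    by the browser, not by page script, so a look-alike site cannot forge it."""
    return json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": origin}).encode()


def verify_binding(authenticator_data: bytes, client_data_json: bytes,
                   rp_id: str, expected_origin: str, expected_challenge: str) -> tuple[bool, str]:
    """Relying-party checks that tie an assertion to this site: ceremony type,
    challenge, origin, rpIdHash and the user-present flag. The signature over
    authenticatorData || SHA-256(clientDataJSON) is checked separately (not shown)."""
    if len(authenticator_data) < 37:
        return False, "authenticatorData too short"
    rp_id_hash = authenticator_data[:32]
    flags = authenticator_data[32]
    sign_count = struct.unpack(">I", authenticator_data[33:37])[0]
    try:
        client_data = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not valid JSON"
    if client_data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if client_data.get("challenge") != expected_challenge:
        return False, "challenge mismatch (replay or wrong session)"
    if client_data.get("origin") != expected_origin:
        return False, f"origin mismatch: {client_data.get('origin')}"
    if rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        return False, "rpIdHash mismatch: credential scoped to a different RP ID"
    if not flags & FLAG_UP:
        return False, "user-present flag not set"
    return True, f"ok (user_verified={bool(flags & FLAG_UV)}, signCount={sign_count})"


if __name__ == "__main__":
    # Legitimate login from the real site.
    print(verify_binding(build_authenticator_data(RP_ID),
                         build_client_data_json(EXPECTED_ORIGIN, CHALLENGE),
                         RP_ID, EXPECTED_ORIGIN, CHALLENGE))
    # A look-alike site relaying the server's challenge (constructed hostname):
    # the browser stamps its own origin into clientDataJSON, and the credential
    # it could obtain is scoped to its own RP ID, so the server rejects it.
    print(verify_binding(build_authenticator_data("example.com.login-secure.net"),
                         build_client_data_json("https://example.com.login-secure.net", CHALLENGE),
                         RP_ID, EXPECTED_ORIGIN, CHALLENGE))
```

This is the mechanical reason a passkey cannot be handed to a proxy the way a password or a TOTP code can: there is no secret the user types, and the signed material names the site the browser was really on. Accounts that keep an OTP fallback enabled, as the post above describes, are still phishable through that fallback.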
New Microsoft sign-in: Nicer, smarter, more secure
https://techupdate.io/microsoft/neue-microsoft-anmeldung-schoener-schlauer-sicherer/50240/