Passkey без Apple, Google и облаков: делаем собственный аппаратный ключ за 4 евро / Хабр

https://habr.com/ru/companies/ru_mts/articles/1053522/

> Несколько лет назад я озаботился покупкой YubiKey 5 NFC в надежде, что он станет для меня своеобразным ключом от всех дверей. Ожидания оправдались, он успешно трудится каждый день в роли 2FA.

Но есть возможность сделать его аналог своими руками.

https://github.com/polhenarejos/pico-fido

#2fa #pico_fido #security-key #diy #passkey

Passkey без Apple, Google и облаков: делаем собственный аппаратный ключ за 4 евро

Несколько лет назад я озаботился покупкой YubiKey 5 NFC в надежде, что он станет для меня своеобразным ключом от всех дверей. Ожидания оправдались, он успешно трудится каждый день в роли 2FA и...

Хабр

A strong password is a great start.

But what happens if someone still gets it?

That's where Two-Factor Authentication (2FA) comes in. It adds a second layer of protection and is one of the easiest ways to make your accounts much harder to compromise.

📖 Lesson 5: https://error-404.cc/en/digital-privacy-security/start-here/lesson-5-two-factor-authentication/

#DigitalHygiene #Privacy #OnlineSafety #2FA #mastodon #Fediverse #Tech

Lesson 5 — Two-Factor Authentication Explained · Error 404 Learning Guide

Understand why a password plus a second step protects your accounts much better.

Die DAK empfiehlt mir an der Hotline, ein Antragsformular zur Pflege meiner Eltern (5 Seiten mit so ziemlich allen Sozialdaten von mir und meinem Vater) per unverschlüsselter E-Mail zu verschicken und versteht mein Datenschutzproblem gar nicht.

Nachdem ich den SSL-Upload auf Website (von dem Hotline - auch auf explizite Nachfrage von mir - nix weiß) gefunden habe, kommt Stunden später Mail mit "Nachricht für Sie im DAK-Postfach" (meines Vaters).
1/2

#DAK #Cybersecurity #2FA #EinmalMitProfis

Opening the session was Wang et al.'s "The 2FA Illusion: Uncovering Weak Links of Web Account Access in the Wild" on how #2FA can fall short in practice. (https://www.acsac.org/2025/program/final/s389.html) 2/6
#MFA #AccountSecurity

A question worth asking before you pick an authenticator: what happens to my codes if this app gets acquired, shuts down, or just goes quiet?

For most apps the answer is "you're stuck." We think that's backwards.

So Fob exports your whole vault anytime, in a format any other authenticator can read. Your codes keep generating on your device even if our servers disappear. No account held hostage, no lock-in. Your codes stay yours.

#2FA #privacy

Most authenticator apps hand you one long, flat list. 30 or 40 accounts, no real order, and you're scrolling to find the right code before the 30-second timer runs out.

Folders barely help, because a Coinbase account isn't only "crypto." It's finance and crypto and high-value, all at once.

So we built tags instead: tag each account with whatever fits, then filter by any combination. The right code in two seconds. That's the feature we couldn't stop thinking about.

#2FA #authenticator

Update Microsoft To-Do (#8600) · 2factorauth/twofactorauth@8f01a2c

List of sites with two factor auth support which includes SMS, email, phone calls, hardware, and software. - Update Microsoft To-Do (#8600) · 2factorauth/twofactorauth@8f01a2c

GitHub

Ever switched phones and found your authenticator codes didn't come with you?

For a lot of people, that's how they learn their codes were never saved anywhere else: locked out of email, the bank, and every account at once. One bad afternoon that takes a week to clean up.

It shouldn't be this fragile. We're building an authenticator where a new phone is a 10-minute restore, not a disaster. More soon.

#2FA #infosec

Könnte bitte mal #Apple #iOS aufhören mich mit #2FA Hinweisen zu nerven?🙄
Ich weiss was ich tue. Und ich habe kein 2.Gerät.
Wo ist der Schalter „Lass mich in Ruhe verd@##%‼️“
Update Appfigures (#8599) · 2factorauth/twofactorauth@4251f87

List of sites with two factor auth support which includes SMS, email, phone calls, hardware, and software. - Update Appfigures (#8599) · 2factorauth/twofactorauth@4251f87

GitHub