Password manager KeePassXC 2.7.12: What users need to watch for when updating

KeePassXC 2.7.12 protects Windows users against DLL injection via OpenSSL, changes passkey flags, and supports TOTP placeholders in Auto-Type.

heise online

Passwordless authentication with passkeys, FIDO, SSO and more

How to integrate FIDO2 and SSO into web services: concepts, protocols and best practices for secure authentication with and without a password.

https://www.heise.de/news/Passwortlose-Authentifizierung-mit-Passkeys-FIDO-SSO-und-mehr-11194711.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#IdentityManagement #IT #iXWorkshops #Passkey #ZweifaktorAuthentisierung #news

heise online

Microsoft just announced official support to store device bound Passkeys for Entra ID in the Windows Hello container. No app, no external hardware key but built in support. Sadly no attestation while in preview.

https://mc.merill.net/message/MC1247893

#Passkey #EntraID

MC1247893 - Microsoft Entra passkeys on Windows now support phishing-resistant sign-in | Microsoft 365 Message Center Archive

Microsoft Entra passkeys on Windows enable phishing-resistant, passwordless sign-in using Windows Hello on Entra-protected resources, including unmanaged devices. Public preview starts mid-March 2026. Organizations must opt in and configure policies to enable this feature; no impact occurs without activation.

Nice, thanks to using the #bitwarden and #vaultwarden combo, I've been able to move off Google's #passwordmanager.

Not because I'm unwilling to use Google's password manager, but more because it's nice to switch between browsers while the passwords stay in sync. On top of that, there's also integrated #TOTP and #passkey sync.

What Is a Passkey and How Does Passwordless Login Work?

https://peertube.eqver.se/w/wLaCwP6dJ6P6WYrzpoKHgs

red_029_en

PeerTube

Yahoo has pulled some shady shit with how you sign in to email from Apple devices

So my mom tells me she can't get email from any of her devices. Turns out Yahoo had signed her out everywhere: Mac, iPhone, iPad. I had to help get her signed back in on everything.

It turns out they've broken the sign-in process in the following ways. Note this is *entirely* in the native account sign-in flow in Settings:

- They've somehow broken password managers in the webview so 1Password won't fill username/password. You have to switch back & forth copying/pasting
- They've broken #passkey support here as well, I'm guessing due to whatever they did to break password managers. So you get downgraded to a less secure 2FA mechanism like SMS
- And here’s the kicker: they're injecting a super aggressive interstitial in the sign-in WebView that tries to trick you into downloading the Yahoo Mail app instead of signing in to Mail.app

There's literally no way my mom could have navigated this. She 100% would have ended up installing an app she doesn't need because Yahoo told her to and because Apple Mail was "broken." I obviously don't *know* what's behind the forced sign-outs and the breaking of password managers and passkeys, but given the aggressive upselling of the Yahoo app, it really seems intentional

cc @rmondello because passkeys

@pygora For me, a password or #passkey is comparable, so the same vault is fine for that. For #otp you can do things differently, such as using a second vault, hardware token, or mobile app.

I'm setting up a temporary laptop for my next trip and it's shocking how much faster the cross-device passkey flow is compared to looking up and hand typing my long 1Password passwords

Bitwarden adds support for passkey login on Windows 11

Bitwarden announced support for logging into Windows 11 devices using passkeys stored in the manager's vault, enabling phishing-resistant authentication.

BleepingComputer

Ugh, it's so annoying how quickly you get logged out on post.ch.

And then #SwissID is also ultra annoying, with username and password separated, the latter built in such a way that password managers once again don't recognize it, and their #Passkey system is so broken that it doesn't work with KeePass.

Does anyone have a contact there who could knock on their door and ask whether this can't be done better?

#Schweiz #Post