I find myself cursing #passkeys yet again. I decided to try to store some passkeys on my #Yubikey for some of my more sensitive accounts that don't allow FIDO for #2FA, but now the passkeys are mysteriously failing to register (using Firefox on Linux).
One of the challenges of FIDO is that there seem to be many ways for it to not work (issues with the site, browser, OS, and whatever you're using for credentials), and the error messages are either non-existent or totally opaque to anyone who doesn't work on this stuff. By contrast, TOTP and passwords are relatively straightforward, mostly just work, and are easy to reason about.
I'd really like to see the end of passwords for authenticating to online services, but it seems like if someone like me, who has been using key-based authentication and encryption his entire adult life, still struggles to make it work then it's not a viable alternative.
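An added example, not part of the post above: a small Python re-implementation of the checks a browser and a relying party perform on a WebAuthn registration response. It shows concretely where the "site, browser, OS, credential store" chain can break (an rp.id that is not a suffix of the page host, a mismatched origin, a stale challenge, a response without attested credential data) and gives each case the readable reason the UI usually hides. All values (origin, rp.id, challenge, the response bytes) are constructed for illustration; no real authenticator is involved, and the suffix check is a simplification of the browser's public-suffix-list rule.

```python
import base64
import hashlib
import json


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def rp_id_is_valid_for_origin(origin: str, rp_id: str) -> bool:
    """Browser-side rule (WebAuthn): rp.id must be the origin's effective domain or a
    registrable-domain suffix of it; otherwise create() rejects with a SecurityError
    before any authenticator is touched. Simplification (assumption): label-suffix
    check only; a real browser also consults the public suffix list so that rp.id
    cannot be something like "co.uk"."""
    host = origin.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0].lower()
    rp = rp_id.lower()
    return rp == host or (host.endswith("." + rp) and "." in rp)


FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified
FLAG_AT = 0x40  # attested credential data follows the counter


def verify_registration(response: dict, expected_origin: str,
                        expected_rp_id: str, expected_challenge: bytes) -> dict:
    """Server-side checks on a registration response, in the spec's order.
    Raises ValueError with a human-readable reason for each failure."""
    client_data = json.loads(b64url_decode(response["clientDataJSON"]))
    if client_data.get("type") != "webauthn.create":
        raise ValueError("clientData.type is not webauthn.create")
    if b64url_decode(client_data.get("challenge", "")) != expected_challenge:
        raise ValueError("challenge mismatch (stale or replayed ceremony)")
    if client_data.get("origin") != expected_origin:
        raise ValueError(f"origin {client_data.get('origin')!r} != {expected_origin!r}")
    auth_data = b64url_decode(response["authenticatorData"])
    if len(auth_data) < 37:
        raise ValueError("authenticatorData too short")
    rp_id_hash, flags = auth_data[:32], auth_data[32]
    if rp_id_hash != hashlib.sha256(expected_rp_id.encode()).digest():
        raise ValueError("rpIdHash mismatch: authenticator used a different rp.id")
    if not flags & FLAG_UP:
        raise ValueError("user presence flag not set")
    if not flags & FLAG_AT:
        raise ValueError("no attested credential data; not a registration response")
    # A real RP continues here: parse attestedCredentialData (CBOR), store the
    # credential ID and COSE public key, and verify the attestation statement.
    return {"ok": True, "user_verified": bool(flags & FLAG_UV),
            "sign_count": int.from_bytes(auth_data[33:37], "big")}


def constructed_response(origin: str, rp_id: str, challenge: bytes,
                         flags: int = FLAG_UP | FLAG_UV | FLAG_AT) -> dict:
    """Build a registration response shaped like what browser + authenticator
    return, from constructed values (no real authenticator involved)."""
    client_data = json.dumps({"type": "webauthn.create",
                              "challenge": b64url_encode(challenge),
                              "origin": origin}).encode()
    auth_data = (hashlib.sha256(rp_id.encode()).digest()
                 + bytes([flags]) + (0).to_bytes(4, "big")
                 + bytes(16)                                    # aaguid (constructed)
                 + (16).to_bytes(2, "big") + bytes(range(16)))  # credential id (constructed)
    # The COSE public key (CBOR) that follows in a real response is omitted;
    # verify_registration() does not parse past the flags and counter.
    return {"clientDataJSON": b64url_encode(client_data),
            "authenticatorData": b64url_encode(auth_data)}


def explain_failure(response: dict, origin: str, rp_id: str, challenge: bytes) -> str:
    """Return "ok" or the reason the registration would be rejected."""
    try:
        verify_registration(response, origin, rp_id, challenge)
        return "ok"
    except ValueError as e:
        return str(e)


if __name__ == "__main__":
    challenge = b"\x01" * 32  # constructed server challenge
    good = constructed_response("https://app.example.com", "example.com", challenge)
    print(verify_registration(good, "https://app.example.com", "example.com", challenge))
    # A lookalike origin is rejected by the origin check regardless of the key used.
    phish = constructed_response("https://app.examp1e.com", "example.com", challenge)
    print(explain_failure(phish, "https://app.example.com", "example.com", challenge))
    # Site misconfiguration: rp.id that is not a suffix of the page host.
    print(rp_id_is_valid_for_origin("https://app.example.com", "example.org"))
```

The origin and rpIdHash checks are what make the credential unusable from any other domain; when a site, proxy or test setup serves the page from a host that does not match rp.id, the browser's SecurityError or the server's rpIdHash mismatch is the "mysterious" failure the post describes.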
Is anyone aware of how you can prevent the "choose how to save passkeys" prompt on macOS?
It's so annoying to press "cancel" every time you use WebAuthn...
I have disabled "autofill passwords and passkeys" (because I don't want to use the Apple integration; I just use a YubiKey and a Chromium-based browser). #passkeys
Edit: "install Linux" is not a valid fix for me on this machine.
Passkeys are already changing the way we sign in to accounts: less friction, more security and less phishing. Here is how the handover from passwords works. #Ciberseguridad #Passkeys #Contraseñas #Phishing #Privacidad #Tecnología
@mkristensson True.
However, some megacorps are extending passkeys to allow for sharing and moving keys. Unfortunately, you lose the phishing protection with that as well.
So yes, some passkeys setups aren't protection against phishing any more. 😞
Therefore, I use user/password + #FIDO2 hardware token when it *really* needs to be secure and #TOTP for the rest.
Even with passkeys, FIDO2 hardware tokens don't support those convenience features where #passkeys lose #phishing protection.
More on https://karl-voit.at/FIDO2-vs-Passkeys/ (German)
RE: https://infosec.exchange/@hcf/116766730950368400
The year is 2028. Through-Skin-DNA-Sequencing has supplanted Brain-Waves-Pattern-Matching, which has supplanted Intestinal-Fauna-Surveying, which has supplanted #passkeys as “the last authentication factor you’ll ever need.” Logging in to your bank requires a username, account number, password, one-time SMS code, passkey, vomit sample, 5-minute EEG and 3-minute arm scan.
Incoming money transfers still take two working days to show up on your account. Tuesdays and Thursdays are bank holidays.
I don't like #Passkeys over #Passphrase and #MFA (edit: specifically, rotating PIN codes via a password manager or a dedicated auth app).
Am I wrong? Or is it the children who are wrong? #Security #Privacy