What exactly is #passkey and how does it work? Are we giving biometric data to every website when using passkey?

#privacy #biometric

«YubiKey Manager — Sicherheitslücke ermöglicht Ausführung untergeschobenen Codes:
Yubico warnt vor einer Suchpfad-Schwachstelle im YubiKey Manager, libfido2 und python-fido2. Updates korrigieren die Fehler.»

Eine IT-Security Meldung die wirklich sicher ist und Updates nun wirklich sofort vor dem Wochenende gemacht werden müssen.

🔐 https://www.heise.de/news/YubiKey-Manager-Sicherheitsluecke-ermoeglicht-Ausfuehrung-untergeschobenen-Codes-11262018.html

#update #itsicherheit #itsecurity #yubikey #libfido2 #python #fido2 #passkey #login #passkeys

Je vois de plus en plus de sites web qui proposent d’utiliser des #passkey
Des personnes ici qui utilisent du #yubikey #yubico sous #Linux ?
C’est bien ? Pas de souci à faire reconnaître ?
Des conseils ?

Le boost améliore la sécurité informatique ;-)

I wish Microsoft account (personal) was a bit better documented. 🤯

It's possible to add a #passkey / Windows Hello, without having provided 2FA. Naturally, you can't turn around and use that passkey as 2FA.

But if you sign in with that passkey and then provide 2FA, Microsoft sets a flag and you can use the passkey as 2FA going forward.

(By default, 2FA is required for some actions like opening "Additional security options".)

"I’ve come to realize that the idea of hoping for the best and planning for the worst is almost always the most ideal way to do things."

#investments #vanguard #fidelity #money #cybersecurity #acats #password #passkey #2fa

https://www.routetoretire.com/protecting-investment-accounts/

Passwortlose Authentifizierung mit Passkeys, FIDO, SSO und mehr

Wie man FIDO2 und SSO in Webdienste integriert: Konzepte, Protokolle und Best Practices für eine sichere Authentifizierung mit und ohne Passwort.

https://www.heise.de/news/Passwortlose-Authentifizierung-mit-Passkeys-FIDO-SSO-und-mehr-11247031.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#IdentityManagement #IT #iXWorkshops #Passkey #ZweifaktorAuthentisierung #news

Am I the only one that has this problem?

I still need to log into #Google for a few things.

In every case, after logging on and providing my 2FA key, I land on their "Simplify your sign on" page and blindly click Continue (because I'm so used to all the "Don't ask me again" screens), forgetting that the small print for this screen is all about creating a #Passkey for my login (which I don't want).

So, *every time*, the only thing I can do is back out, repeat the login and 2FA and take care not to click Continue again. If I'm multitasking, this can easily result in more than one cycle through the loop.