Passkeys are the future of authentication - and implementing them on iOS is simpler than you might think. This practical guide covers registration and authentication flows using public-key cryptography with iCloud Keychain synced private keys.

🔗: https://tanaschita.com/ios-authentication-passkeys/ by Natascha Fadeeva (@tanaschita)

#iOS #Security #Passkeys

Implementing Passkeys in iOS with AuthenticationServices

Learn how passkeys work on iOS and how to implement passwordless authentication in your app using AuthenticationServices and the WebAuthn standard.

Here's another issue with #passkeys - here's me adding one to my login for a CMS I'm working on.

What in God's name does this prompt want from me? "Goeff"? "Harold"?

WHAT am I naming it for? Is it related to my machine? My browser? My account? WHAT THE FUCK DO YOU MEAN "name"?

Context. I have no clue what context you're in, passkey workflow.

Uhhh GitLab supports #Passkeys as a login option now.

HIBP just shipped a mega update: passkeys, k-anonymity searches, bulk domain verification API. No more manual verification loops — fully scriptable via DNS. Half the Fortune 500 uses this. Infrastructure the internet relies on. 🔑✅

#cybersecurity #infosec #HIBP #passkeys #API

Source: https://www.troyhunt.com/passkeys-k-anonymity-searches-massive-speed-enhancements-bulk-domain-verification-api/

HIBP Mega Update: Passkeys, k-Anonymity Searches, Massive Speed Enhancements and a Bulk Domain Verification API

For a hobby project built in my spare time to provide a simple community service, Have I Been Pwned sure has, well, "escalated". Today, we support hundreds of thousands of website visitors each day, tens of millions of API queries, and hundreds of millions of password searches. We're processing billions

Troy Hunt

Here’s one for the passkey implementation hall of shame.

1. The Lowe’s UI for managing passkeys gives the impression they’re disabled by showing this introductory text, TOS checkbox, and an Enable Passkey button. But they’re already active. That’s just how you register a new key.

2. The key list has no registration date, last-used date, or ability to edit the title. I have a passkey registered in 1Password and one on a YubiKey. Both are permanently named “Mac OS_Firefox”.

#passkeys #passkey

I can't even put into words how much I hate these login codes sent by e-mail or SMS... 🤬

#passkeys #TOTP

Add Woolworths (#73) · 2factorauth/passkeys@75c339e

FIDO2 Passkey directory. Contribute to 2factorauth/passkeys development by creating an account on GitHub.

GitHub

@Tutanota: rubbish.

Two WEAK locks may be LESS pointless than one WEAK lock, but they're still pointless. Go read https://www.csoonline.com/article/4147134.

U2F has been superseded by FIDO2 (hardware keys in WebAuthn mode) and Passkeys (example in Dutch: https://todon.nl/@ErikvanStraten/116285192238090438).

Both WebAuthn methods have advantages and disadvantages.

If you don't like them, use a trustworthy password manager and:

• Let it create a unique, random, as long as possible, pw per account

• Make backups of the pw mngr database

• Device compromise means "game over"

• Use Autofill (easy in Android and iOS/iPadOS)

• If Autofill does not automatically retrieve your credentials, it probably is a fake (phishing) website. Do read https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/

Please stop misinforming people.

#WeakMFAsucks #Weak2FAsucks #FIDO2 #WebAuthn #Passkeys #AutoFill #KeePassium #KeePassDX

Yesterday I discovered how incredibly easy it is to steal session cookies and steal an account, even if it is protected by 2FA such as TOTP, OTP or even push-based authentication... Yes, the initial vector is phishing, but those attacks are getting increasingly sophisticated and hard to detect. If you have high-value accounts, and the option is available, use phishing-resistant second factors - the easiest being a passkey. This capability is built into most modern smartphones and dead easy to set up (though obviously if it is bound to the device it's hard to use it on a different one, especially if you don't have access to the device) or, ideally, a FIDO2 hardware key.
This has been your public service infosec announcement for the day.
#infosec #phishing #passkeys