Karl Voit  1h ago

#MicrosoftAuthenticator: Kritische #Sicherheitslücke ermöglicht Token-Diebstahl
https://www.heise.de/news/Microsoft-Authenticator-Kritische-Sicherheitsluecke-ermoeglicht-Token-Diebstahl-11296717.html

Ich habe das auch mal auf meinem Artikel "Wie man eine vertrauenswürdige Authentifizierungs-App auswählt" https://karl-voit.at/2023/03/05/TOTP-Auswahl/ dazugenommen.

Wenn man von dem Vorfall Generelles ableiten möchte, bleiben eigentlich nur noch Hardware-Tokens für #FIDO2 übrig, wenn man #Phishing ausschließen möchte.

Sogar #Passkeys helfen leider nicht (mehr): https://karl-voit.at/FIDO2-vs-Passkeys/

#Authenticator #TOTP #FIDO2 #publicvoit #20230304_TOTPAuswahl #MFA #2FA #20241005_FIDO2VsPasskeys #Authentifizierung #Sicherheit

Microsoft Authenticator: Lücke ermöglicht unbefugten Zugriff

Microsoft warnt vor einer Sicherheitslücke im Authenticator. Angreifer können Sign-in-Token abgreifen und damit Zugriff erlangen.

heise online
Show threadRiku Voipio19h ago

One clear difference is that SSH public key auth works with files, while the #passkeys operate inside the browser.

With ssh it's easy to check your key as a file in ~/.ssh/id_rsa etc, and what keys the other side accepts: ~/.ssh/authorized_keys

Riku Voipio19h ago
Why are #passkeys so miserable compared to ssh public keys?
𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕1d ago

AI could steal fingerprints from high-resolution selfies, experts warn:
Hackers only need photos from within 5 feet

✌️ https://www.techspot.com/news/112427-ai-could-steal-fingerprints-high-resolution-selfies-experts.html
--
#aisecurity #aislop #fingerprint #privacy #security #photo #ai #hacking #steal #passwords #passkeys #authentication

AI could steal fingerprints from high-resolution selfies, experts warn

Reports circulating in China this week reignited concerns around the issue after experts claimed that photos showing fingers facing directly toward a camera from within roughly five...

TechSpot
Robert Kingett2d ago
Someone noticed! SMS “Hey baby boy, how many technical people did you piss off by translating their technical Passkey mambo jumbo nonsense into paragraphs about cats and cookies? I love it! Can you do this for all technical documentation?”https://sightlessscribbles.com/posts/how-to-make-portable-passkeys/ #Tech #Technology #PassKey #Passkey #Passkeys #BackUpPasskeys
How to make portable Passkeys, Sightless Scribbles

A fabulously gay blind author.

Robert Kingett2d ago
I felt like pissing on Tech Bros this morning, so I made this little guide on making portable Passkeys https://sightlessscribbles.com/posts/how-to-make-portable-passkeys/ #Tech #Technology #Passkey #Passkeys
How to make portable Passkeys, Sightless Scribbles

A fabulously gay blind author.

The Spamhaus Project2d ago

Still relying on passwords? You're not alone....but they are one of the most common targets for cybercriminals and one of the weakest links in online security...

This is your signal to switch to a more secure way to sign in: passkeys 🔐

Following World Password Day last week, we’ve published a new glossary entry explaining what exactly passkeys are, how they work, and how they better protect you online.

Learn more here ➡️ https://www.spamhaus.org/glossary/#passkeys

#CyberSecurity #Passkeys #Authentication

the infamous beiger2d ago

Any @1password users ?

Looking to try this password manager out. I have been using Proton Pass for a few months.

I really don't want to be tied down to Proton.

#1Password #PasswordManagers #Passwords #Passkeys

sayzard3d ago

Passwords suck. Can passkeys replace them?

비밀번호는 피싱, 멀웨어, 중간자 공격, 데이터베이스 유출 등 다양한 공격에 취약해 다수의 데이터 유출 사고 원인이 되고 있다. 이를 대체할 수단으로 WebAuthn 기반의 패스키(passkeys)가 주목받고 있는데, 이는 개인 키를 기기에 안전하게 저장하고 공개 키를 서버에 저장해 네트워크에 비밀번호를 전송하지 않아 피싱 공격에 강하다. 패스키는 소프트웨어 또는 하드웨어 기반으로 구현되며, 2차 인증과 결합 시 보안성을 더욱 높일 수 있다. 다만 양자컴퓨터 시대에 대비한 포스트 양자 암호화 표준 도입과 계정 복구 방안 마련이 필요하다.

https://kerkour.com/passkeys

#webauthn #passkeys #authentication #security #phishing

Passwords suck. Can passkeys replace them?

Did you know that most, if not the majority of data breaches originate from hacked credentials? Yep, that's right, if all you private information (and your family's too) got stolen and leaked 20 times a year, it's because employees at companies and governmental agencies can't manage to keep their passwords

Sylvain Kerkour
Some Bits: Nelson's Linkblog3d ago
Passkey transfer: Some promising steps in an important part of the push to end passwords. You can move your passkey credentials between apps.
https://www.androidauthority.com/google-passkeys-move-to-another-password-manager-android-3666965/
#authentication #via:reddit #passwords #1password #passkeys #security #+
Google may finally let you move passkeys to another password manager on Android

Looking to move your passkeys from Google Password Manager to another app on Android? The process could soon be much simpler.

Android Authority