@pake_preacher : I forgot the details of PAKE and SRP, but in the end the most secure client authentication requires:

1️⃣ Strong, long term, human comprehensible, *serving endpoint* authentication;
*AND*
2️⃣ TLS channel binding (enforcing known endpoints).

(Apart from those, both serving endpoint AND client MUST be trustworthy).

🚨 The -corrupt- CA/B forum breaks 1️⃣ by:
a) Advocating anonymous Domain Validated certificates, which render secure account creation IMPOSSIBLE;
b) Continuously decreasing certificate lifetime.

🚨 Furthermore, "legitimate" MitMs * break 2️⃣.

* Man in the Middle, like on-device virus scanners and firewalls that "open" TLS tunnels (both requiring installation of a dedicated root certificate) and proxies such as (definitely not limited to) Cloudflare and Fastly.

😱 Passkeys enforce NEITHER 1️⃣ NOR 2️⃣.

😱😱 Worse, because passkeys (or FIDO2 hardware keys) can be easily irretrievably "lost", servers typically provide WAY EASIER phishable authentication methods (such as "rescue codes").

@cendyne @soatok @chazh

#AitM #MitM #SecureOnlineAuthIsHARD #SecureAuthentication #OnlineAuthentication #Authentication #Impersonation #ChannelBinding #TLSchannelBinding #UTM #TLS #TLSinterception #TLSscanning #Proxy #Proxies #GoogleIsEvil #CloudflareIsEvil
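Point 2️⃣ of the post above, TLS channel binding, is easiest to see in a simulated exchange. The following is an added example, not code from the post or its author: the client's authenticator is a MAC over the server's nonce plus the channel-binding value of the TLS connection the client actually opened, and the server recomputes it over the channel binding of the connection it sees. With a direct connection both ends hold the same TLS session and the proof verifies; with a TLS-terminating proxy or inspection agent in between there are two distinct TLS sessions, so the relayed proof fails. `TlsSession`, `derive_key`, the salt and the password are constructed stand-ins (a real stack would use the RFC 9266 "tls-exporter" value, which Python exposes via `ssl.SSLSocket.get_channel_binding()`, and a PAKE/SRP-derived key in place of PBKDF2); the binding logic is the point.

```python
import hashlib
import hmac
import secrets


class TlsSession:
    """Hypothetical stand-in for one TLS connection. Each connection exports
    its own unique value (cf. RFC 9266 tls-exporter / ssl.get_channel_binding)."""

    def __init__(self) -> None:
        self.exporter = secrets.token_bytes(32)

    def channel_binding(self) -> bytes:
        return self.exporter


def derive_key(password: str, salt: bytes) -> bytes:
    """Key both ends hold. PBKDF2 stands in for the PAKE/SRP verifier the
    post refers to; what matters here is that the proxy does not have it."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=32)


def client_proof(key: bytes, server_nonce: bytes, cb: bytes) -> bytes:
    """Client authenticator: MAC over the server nonce AND the channel-binding
    value of the TLS connection the client itself established."""
    return hmac.new(key, b"cb-proof|" + server_nonce + b"|" + cb, hashlib.sha256).digest()


def server_verify(key: bytes, server_nonce: bytes, cb: bytes, proof: bytes) -> bool:
    """Server recomputes the MAC over ITS connection's channel binding."""
    return hmac.compare_digest(client_proof(key, server_nonce, cb), proof)


def authenticate(intercepted: bool, password: str = "correct horse battery staple") -> bool:
    """Run one channel-bound authentication, optionally through a TLS-terminating MitM."""
    salt = b"constructed-fixed-salt"  # constructed sample value, not a real deployment
    key = derive_key(password, salt)
    server_nonce = secrets.token_bytes(16)

    client_conn = TlsSession()  # the TLS connection the client opened
    if intercepted:
        # A TLS-terminating proxy (inspection agent, CDN edge) holds two separate
        # TLS connections: client<->proxy and proxy<->server. The server sees only
        # the second one, so its channel-binding value differs from the client's.
        server_conn = TlsSession()
    else:
        server_conn = client_conn  # direct connection: one TLS session at both ends

    proof = client_proof(key, server_nonce, client_conn.channel_binding())
    # The proxy can relay `proof` unchanged but cannot recompute it for its own
    # upstream connection without `key`.
    return server_verify(key, server_nonce, server_conn.channel_binding(), proof)


if __name__ == "__main__":
    print("direct connection:", authenticate(intercepted=False))
    print("via TLS-terminating proxy:", authenticate(intercepted=True))
```

Two caveats the simulation makes visible: the check only helps if the server actually verifies the binding (an endpoint that ignores it degrades to a plain password proof), and an agent that controls the client device itself sits before the binding is computed, which is the post's separate requirement that the client be trustworthy.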

📢 TANGO WP4 Interview with Anni Karinsalo (VTT) Now Live!

The latest article in our TANGO WP Leaders Interview Series is here! Discover how SSI, Decentralized Identifiers, and Zero-Knowledge Proofs are revolutionizing identity management and privacy.

▶️ Read the full interview now: https://tango-project.eu/articles/tango-wp-leaders-interview-series-wp4-distributed-trust-management-framework

#TANGOProject #Privacy #SecureAuthentication #SSI #Innovation #WP4

🔐 Modern Password Security Threats: Protecting Your Digital Identity 🕵️‍♀️ 🛡️ 🚨

Cybercriminals use sneaky techniques to crack passwords and gain access to accounts. Here are the most common attacks:

⚒️ Brute Force – Tries every possible password
📖 Dictionary Attack – Uses common words & phrases
🌈 Rainbow Table – Cracks password hashes
👀 Shoulder Surfing – Spies on you while typing
⌨️ Keylogging – Records everything you type
🎯 Password Spraying – Tests common passwords on many accounts
🎭 Social Engineering – Tricks you into revealing passwords
🎣 Phishing – Fake emails & websites steal your login
🎟️ Credential Stuffing – Uses leaked passwords from breaches
🕵️ Man-in-the-Middle – Intercepts data over networks

🛡️ Stay Safe! Use strong, unique passwords, enable 2FA, and beware of phishing scams.

Which attack surprised you the most? Let's discuss in the comments! ⬇️

⚠️ This content is shared strictly for educational and informational purposes only. 📚 All information is provided to help individuals and organizations better protect themselves against security threats. 🔒 The techniques discussed are presented solely to improve awareness and defensive measures, not to facilitate any unauthorized access. ✅

#PasswordSecurity #CyberSecurity #DataProtection #SecureAuthentication #IdentityProtection #InfoSec #PhishingAwareness #CyberDefense #MFA #DigitalSafety
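Two of the attacks listed in the post above, brute force and password spraying, leave opposite fingerprints in authentication logs: many failures against one account from one source versus one or two failures against many accounts from one source. The following is an added example, not code from the post: it parses a constructed sample log (the line format, IPs and usernames are invented for the example), labels each source by that pattern, and then flags any account a spraying source subsequently logged into, which is the follow-up a responder actually wants.

```python
import re
from collections import defaultdict

# Constructed sample authentication log. The format is hypothetical and the
# addresses are documentation ranges; nothing here is real data.
LOG_LINES = """\
2024-05-01T10:00:01Z auth fail user=alice src=198.51.100.7
2024-05-01T10:00:02Z auth fail user=alice src=198.51.100.7
2024-05-01T10:00:03Z auth fail user=alice src=198.51.100.7
2024-05-01T10:00:04Z auth fail user=alice src=198.51.100.7
2024-05-01T10:00:05Z auth fail user=alice src=198.51.100.7
2024-05-01T10:00:06Z auth fail user=alice src=198.51.100.7
2024-05-01T10:01:00Z auth fail user=bob src=203.0.113.9
2024-05-01T10:01:01Z auth fail user=carol src=203.0.113.9
2024-05-01T10:01:02Z auth fail user=dave src=203.0.113.9
2024-05-01T10:01:03Z auth fail user=erin src=203.0.113.9
2024-05-01T10:01:04Z auth fail user=frank src=203.0.113.9
2024-05-01T10:01:05Z auth ok user=grace src=203.0.113.9
2024-05-01T10:02:00Z auth fail user=heidi src=192.0.2.44
2024-05-01T10:02:07Z auth ok user=heidi src=192.0.2.44
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(lines):
    """Turn raw lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def classify_sources(events, brute_threshold=5, spray_min_users=5, spray_max_per_user=2):
    """Label each source IP by the shape of its failures.

    brute_force:       at least `brute_threshold` failures against a single account
    password_spraying: failures spread over at least `spray_min_users` accounts,
                       no account tried more than `spray_max_per_user` times
    """
    fails = defaultdict(lambda: defaultdict(int))  # src -> user -> failure count
    for e in events:
        if e["result"] == "fail":
            fails[e["src"]][e["user"]] += 1

    findings = {}
    for src, per_user in fails.items():
        most_tried = max(per_user.values())
        if most_tried >= brute_threshold:
            findings[src] = "brute_force"
        elif len(per_user) >= spray_min_users and most_tried <= spray_max_per_user:
            findings[src] = "password_spraying"
    return findings


def compromised_after_spray(events, findings):
    """Accounts that a spraying source then logged into successfully:
    the spray found a weak password, so these need a reset, not just an alert."""
    hits = defaultdict(set)
    for e in events:
        if e["result"] == "ok" and findings.get(e["src"]) == "password_spraying":
            hits[e["src"]].add(e["user"])
    return dict(hits)


if __name__ == "__main__":
    evts = parse(LOG_LINES)
    found = classify_sources(evts)
    for src, label in found.items():
        print(f"{src}: {label}")
    print("likely compromised:", compromised_after_spray(evts, found))
```

The thresholds are deliberately parameters: a spray against a large tenant typically stays under any per-account lockout limit, so the per-account counter that catches brute force never fires and the signal is the breadth across accounts from one source (or, for distributed sprays, one client fingerprint) within a window.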

In a world where data breaches are rampant, passkeys offer a resilient defense. They bind your identity to a device, making it nearly impossible for hackers to gain access. #Passkeys #SecureAuthentication

👤 Protect your digital identity with strong authentication methods. Enable two-factor authentication, use biometric features where available, and be cautious of identity theft risks. Keep your digital self secure. #DigitalIdentity #SecureAuthentication #4YourData