PASSKEYS: HOW AND WHY?

I just tried to explain in https://security.nl/posting/929755 how passkeys work, and what the pros and cons are.

Boosting this toot is appreciated!

#Passkeys #WebAuthn #FIDO2 #Yubikey #Phishing #PhishingResistant #PhishingResistance #InfoSec

Installing #Authnkey from #fdroid got my #Yubikey to work via NFC on #GrapheneOS

https://github.com/mimi89999/Authnkey

"Android's built-in #WebAuthn support has a significant gap: it does not support #CTAP2 over NFC. This means you cannot use PIN-protected passkeys or discoverable credentials with NFC ... Authnkey fills this gap by implementing the full CTAP2 protocol."

Out of time, but think I have a good enough solution for keeping non-user emails private (or at least, unknown to me), while still being checkable for inclusion. Tomorrow night, let's finish it up. See you then!

🔜 Tomorrow’s stream: https://youtube.com/live/zwnt88PSRq0
⏮️ Playlist so far: https://www.youtube.com/playlist?list=PLRxjf93xotuofCtaxtGOcWeuxVZYJyY-m
📲 Download Jiiiii: https://apps.apple.com/app/apple-store/id6472801548?pt=14724&ct=MastodonCCStreams&mt=8

#Jiiiii #DevStream #tvOS #visionOS #macOS #iOS #iPadOS #Anime #Swift #SwiftUI #Vapor #WebAuthn #BuildInPublic #TestFlight #PWA #WebPush

Late Night Silent Completions: Jiiiii — Part 855


I'm making a seasonal anime guide app, in the open for all to experience and learn from.

Let's perform simple hashing for emails in anti-abuse tables!

#Jiiiii #DevStream #tvOS #visionOS #macOS #iOS #iPadOS #Anime #SwiftLang #SwiftUI #Vapor #WebAuthn #BuildInPublic #TestFlight #PWA #WebPush

Come chill with me: https://youtube.com/live/I5zS9gwlOgA

Late Night Silent Completions: Jiiiii — Part 854


I'm a bit unsure how to proceed with protecting emails in a reasonable way here without overthinking it… Tomorrow night, let's hope I’ve had time to think more about it and just make a decision… See you then!

🔜 Tomorrow’s stream: https://youtube.com/live/I5zS9gwlOgA
⏮️ Playlist so far: https://www.youtube.com/playlist?list=PLRxjf93xotuofCtaxtGOcWeuxVZYJyY-m
📲 Download Jiiiii: https://apps.apple.com/app/apple-store/id6472801548?pt=14724&ct=MastodonCCStreams&mt=8

#Jiiiii #DevStream #tvOS #visionOS #macOS #iOS #iPadOS #Anime #Swift #SwiftUI #Vapor #WebAuthn #BuildInPublic #TestFlight #PWA #WebPush

Late Night Silent Completions: Jiiiii — Part 854


I'm making a seasonal anime guide app, in the open for all to experience and learn from.

Let's look into hashing non-user emails in tracking tables!

#Jiiiii #DevStream #tvOS #visionOS #macOS #iOS #iPadOS #Anime #SwiftLang #SwiftUI #Vapor #WebAuthn #BuildInPublic #TestFlight #PWA #WebPush

Come chill with me: https://youtube.com/live/1bLuldI3Rc8

Late Night Silent Completions: Jiiiii — Part 853


TIL of OpenYOLO - "You only login once"

Basically.. proto-FIDO2 but it directly let pages request a password from an authenticator lmao. And save credentials too, not unlike a passkey.

https://openid.net/specs/openyolo-android-03.html

https://github.com/openid/OpenYOLO-Web

What a silly old thing, sheesh. Is this what modern webauthn was born from, or was that a parallel effort?

Glad we have better stuff now that uh, wouldn't get popped from the first XHR that gets found for a site

#passkeys #fido2 #webauthn

OpenYOLO for Android

OpenYOLO for Android is a protocol for retrieving, updating and assisting in the creation of authentication credentials. This document describes the core concepts of OpenYOLO, and the platform-specific details for implementing the OpenYOLO protocol on Android. What's in a name? YOLO stands for "You Only Login Once", which is the internal code-name for Google's Smart Lock for Passwords API on Android. OpenYOLO is the open standards successor to YOLO, and came to be as a result of an initial collaboration between Google and Dashlane. OpenYOLO leverages the lessons learned from YOLO, and also ensures that implementations of OpenYOLO can compete on a level playing field. OpenYOLO would not have been likely to succeed without AgileBits, Keeper Security and LastPass, to whom we are grateful for their continued support and engagement.

Started thinking about how I'm _actually_ going to prevent abuse when any user can invite any email. Tomorrow night, let's start thinking about how we can protect strangers’ privacy by hashing invited emails. See you then!

🔜 Tomorrow’s stream: https://youtube.com/live/1bLuldI3Rc8
⏮️ Playlist so far: https://www.youtube.com/playlist?list=PLRxjf93xotuofCtaxtGOcWeuxVZYJyY-m
📲 Download Jiiiii: https://apps.apple.com/app/apple-store/id6472801548?pt=14724&ct=MastodonCCStreams&mt=8

#Jiiiii #DevStream #tvOS #visionOS #macOS #iOS #iPadOS #Anime #Swift #SwiftUI #Vapor #WebAuthn #BuildInPublic #TestFlight #PWA #WebPush

Late Night Silent Completions: Jiiiii — Part 853


I'm making a seasonal anime guide app, in the open for all to experience and learn from.

Trying out new streaming software _and_ had basically no sleep last night, so let's try making some progress… any progress really 😅

#Jiiiii #DevStream #tvOS #visionOS #macOS #iOS #iPadOS #Anime #SwiftLang #SwiftUI #Vapor #WebAuthn #BuildInPublic #TestFlight #PWA #WebPush

Come chill with me: https://youtube.com/live/2T_xNmnYT0A

Late Night Silent Completions: Jiiiii — Part 852


Kiddo is stirring, so stopping early, but got the start of an email composed. Tomorrow night, let's flesh out the anti-abuse store so sent emails can be tracked responsibly. See you then!

🔜 Tomorrow’s stream: https://youtube.com/live/2T_xNmnYT0A
⏮️ Playlist so far: https://www.youtube.com/playlist?list=PLRxjf93xotuofCtaxtGOcWeuxVZYJyY-m
📲 Download Jiiiii: https://apps.apple.com/app/apple-store/id6472801548?pt=14724&ct=MastodonCCStreams&mt=8

#Jiiiii #DevStream #tvOS #visionOS #macOS #iOS #iPadOS #Anime #Swift #SwiftUI #Vapor #WebAuthn #BuildInPublic #TestFlight #PWA #WebPush

Late Night Silent Completions: Jiiiii — Part 852
