At #Authenticate this year, @iamkale, Nishant, and I decided to mix up the usual "Passkeys 101" and cover common misconceptions about #passkeys. Topics included cloud sync, phishing resistance, workforce usage, and concerns about vendor lock-in.

https://blog.timcappalli.me/p/preso-authn25-myths/

Passkey Mythbusters: Short Takes on Common Misunderstandings @ Authenticate 2025

Passkeys promise to replace passwords with a simpler, more secure login experience, but myths and confusion still hold many organizations back. This session at Authenticate 2025 tackles some commonly heard questions and misconceptions about passkeys and breaks down the facts in clear, practical terms. You’ll walk away with a solid understanding of what passkeys really solve, what they don’t, and how to approach adoption with confidence.

Trying to fix my parents-in-law's Apple stuff. They cannot access the App Store on their #iphone (running under an Apple ID) to get an app, because the #appstore app wants an Apple ID / #apple account #password, which they no longer know. They can log into their #macbook as a user (same Apple ID) with their mac_book_user_password.
Do I understand it correctly:
they can choose a new #appleid #appleaccount password (to access the App Store etc.) using the mac_book_user_password to #authenticate?

📢 Reminder: Rate limits have been introduced for excessive API queries from unauthenticated users to keep the platforms running smoothly for everyone.

If you experience issues #Authenticate – it’s quick, easy to do, and helps ensure the platforms are stable for all.

#SteadyPlatform #SteadySignals 🧘

### #Cloudflare open sources #OPKSSH to bring Single Sign-On #SSO to #SSH

This week it was officially open-sourced under the umbrella of the #OpenPubkey project; although OpenPubkey itself became a #Linux Foundation open-source initiative in 2023, OPKSSH remained closed-source until now. It makes it easy to #authenticate to #servers over SSH using #OpenID Connect (#OIDC), allowing developers to ditch manually configured SSH keys in favor of identity provider-based access.

https://www.helpnetsecurity.com/2025/03/28/opkssh-sso-ssh/

Cloudflare open sources OPKSSH to bring Single Sign-On to SSH - Help Net Security

OPKSSH (OpenPubkey SSH) makes it easy to authenticate to servers over SSH using OIDC, allowing devs to ditch manually configured SSH keys.

If you want to get rid of the American #Google and #Microsoft #Authenticate apps for #2FA authentication, what would be the recommendation? Hoping for #FLOSS. #atkjuttuja

Make sure you're authenticated to awaken new features and 🕵️‍♂️ hunting capabilities within our platforms. Will you authenticate and embrace the power? 🧑‍💻⚡

Remember: The time has come to limit query volumes for unauthenticated users that query the platforms excessively. Let’s keep them running smoothly for everyone 🟢 - there's no need to hammer the platforms, even if you are authenticated!

#ItsComing #NewHuntingPower #BeReady #Authenticate

→ Pairwise Authentication of Humans
https://www.schneier.com/blog/archives/2025/02/pairwise-authentication-of-humans.html

“Here’s an easy system for two humans to remotely authenticate to each other, so they can be [more confident] that neither are digital impersonations.”

PeerAuth → https://ksze.github.io/PeerAuth/

#Pairwise #humans #authenticate #impersonations #PeerAuth

Pairwise Authentication of Humans - Schneier on Security

Here’s an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations. To mitigate that risk, I have developed this simple solution where you can setup a unique time-based one-time passcode (TOTP) between any pair of persons. This is how it works: Two people, Person A and Person B, sit in front of the same computer and open this page; They input their respective names (e.g. Alice and Bob) onto the same page, and click “Generate”; The page will generate two TOTP QR codes, one for Alice and one for Bob; ...

@kkarhan

thanks for the reply! far from being discouraged, i appreciate your engagement. i will try to be reasonably brief in my response to your points and give a general update on progress and objective.

> scout out existing solutions

i have seen similar #webapp implementations. i think so far, for "that kind" of chat app, the chat app is able to demonstrate similar basic functionality. for wider adoption, the user interface needs to be more appealing, but i think it's important to have a working proof-of-concept first. the project is specifically aiming to be a #javascript #localFirst #webapp.

a couple of notable similar implementations to mine are:
- https://github.com/cryptocat/cryptocat
- https://github.com/jeremyckahn/chitchatter
(im sure there are many more, but i think my approach is yet different and unique to the ones i've come across.)

> DO NOT DIY ENCRYPTION!

this is indeed a recommended practice i have seen several times. here is a previous reddit post on the matter: https://www.reddit.com/r/cryptography/comments/1cint8h/what_are_your_thoughts_on_subtlecrypto_vs_wasm ... tldr; the underlying implementation provided by the browser is the best way to go. i have implemented the #encryption using the #webcrypto #api. i aim to not use a library for this.

i generally try to word things in a way that users can provide feedback on features. the app is still in a very early stage, but has a reasonable amount of features. im generally open to requests and questions.

> minimum viable product

what you see as the chat app is also the #minimum #viable #product. i think it sufficiently demonstrates the basic functionality of a chat app. i think the next step is to make the app more stable and user friendly.

those other apps you've mentioned i've come across before. what sets my approach apart is that mine is purely a webapp. with what i'd like to describe as #p2p #authentication over #webrtc, i'm able to remove reliance on a backend for #authenticate #data #connections. in some cases, bypass the internet (wifi/hotspot). while there are several ways to #selfhost, in this approach of a #javascript implementation, i'm able to store large amounts of data in the browser so things like images and #encryptionKeys can be #selfhosted in the browser. while this form has nuanced limitations, it also has interesting implications for security and privacy.

there are many nice features from the different apps you mentioned and i think i have some unique features too. the bottleneck in this project is that i don't put enough time into the app.

> feel free to slowly integrate them.

this is basically already my approach to get the app to where it is now.

thanks for the luck, take care and i hope you stay tuned for updates.


If anyone is at Authenticate and spots some unusual models or colors of security keys not shown here, or stickers or other ephemera... photos or samples appreciated! :D

#Authenticate #Authenticate2024