#2fa #mfa #passkey #ebanking
I tested the YubiKey 5 NFC and 5C NFC for weeks, here's how it went
I tested the YubiKey 5 NFC and 5C NFC on Linux, Windows and Android: FIDO2 authentication, passkeys, TOTP codes, commit signing with OpenPGP, Yubico Authenticator and the practical limits of NFC. https://yoota.it/ho-provato-per-settimane-le-yubikey-5-nfc-e-5c-nfc-ecco-come-andata/
What exactly is a passkey?
A passkey is a modern and considerably more secure alternative to the classic password.
Instead of having to remember complicated passwords, you simply sign in with your own device, for example by fingerprint, face recognition or device PIN.
The passkey is stored securely on your smartphone, password manager or computer.
How does it work?
Put simply, every website gets two digital keys:
A public key, which the website stores
A private key, which stays only on your device
The private key never leaves your device.
[…]
#1password #ActivityPubPlugin #authentifizierung #bitwarden #blog #datenschutz #FediBlog #keepass #keepassdx #keepassxc #login #passkey #passkeys #passwort #passwörter #phishingschutz #sicherheit #wordpressBlog #WordPressFederation
Link to the full post: https://mapf.net/u54k
So, can anyone tell me whether #Windows #Passkey is actually a good thing?
Somehow the prompt keeps popping up for more and more websites/services, and frankly I'm having a hard time finding out whether it's either more secure or a security risk compared to having different passwords for each website or using two-factor authentication.
#security #onlinesecurity #2FA #Cybersecurity #DigitalSafety #DataProtection
I've been wondering ... with the current drive to increase #Passkey adoption (which I support), as well as with the acceleration of #PostQuantum cipher adoption (often with a target of 2029), I believe there's a problem emerging. Passkeys/WebAuthn take some time to adopt, and there's a lot of organisational effort involved to get all the ducks in a row. As there doesn't seem to be a post-quantum resistant FIDO standard in place yet (please, correct me if I'm wrong), they **would have to go about it again.** There does not seem to be any cryptographic agility in the system at present. Particularly with PQC hardware tokens (Yubikey, @nitrokey and others) unavailable at present, this will become even more difficult.
How do others see this?
I'd love to have a bit more knowledge on long term sustainability of the efforts in migrating on a broader basis towards Passkeys.
I've just published the first v1.0.0 release candidate for Passchain (formerly HW Fido2 Provider)!
This is a big step from something that kind of worked enough to be able to use security keys without the Play Services [1][2] to a more stable app.
Among other things, it benefits from the recent improvements made for the feature on microG (it uses its lib): for example we now have cross-device login => you can theoretically log in on your TV with your Yubikey now 😃
[1] or microG
[2] there are now other apps like Authnkey that allow it. They didn't exist when I started Passchain, the Play Service was the only way to use them on Android
#passchain #hwFido2Provider #passkey #fido2 #yubikey #android #microg
"Every first Thursday in May is #WeltPasswortTag. Time to take care of better security.
...
World Password Day is a reminder that login credentials should be secure."
World Password Day: Passkeys, Multi-Factor Authentication, everything is better
Every first Thursday in May is World Password Day. Time to take care of better security.