Remind me why I'm trying to implement #passkeys again?
What a mess…
#Microsoft Is Ditching #Passwords for #Passkeys: How to Switch Before the August Deadline
https://www.cnet.com/tech/microsoft-is-ditching-passwords-for-passkeys-how-to-make-the-switch-before-the-august-deadline/
#privacy #security
If only they had #Passkeys everywhere, on all servers, banks, government online offices, etc. There would be no password thefts because there would be none to steal!
Passkeys (#Passkeys) are a modern and secure way to sign in without the need for traditional passwords. They work with biometric authentication (fingerprint or face) and use public-key cryptography to verify your identity.
How do they work?
1. When you create a passkey, your device generates a key pair:
- Private key (stored securely on your device).
- Public key (sent to the server of the website or app).
Facebook will soon support passkeys http://dlvr.it/TLRdT9 #Facebook #Passkeys
“The missing puzzle piece for passkeys: Apple holds out the prospect of an export feature”
Finally! The lack of portability is exactly the big stumbling block.
I'm basically dead in the water for anything that wants to [Google] reauthenticate occasionally (Google Finance, etc.) on this device (which is my daily driver). The issue is that the device-bound passkey isn't validating and it won't let me use anything else (like a security key).
Either the passkey on my Pixel 7 is corrupted, or the process of verifying it has a bug / wedge. Anything Google that wants to prompt for a passkey fails with the "2-Step Verification" flow's "Try another way" step. And even worse, the "other ways" (like the other passkeys I have on other devices, or the FIDO2 security keys that I have that predate passkeys) appear to succeed ... but then I'm redirected back to the same "try another way" as if presenting the key is being ignored even though it worked.
This was happening before the June update, and is still happening afterwards.
There also appears to be no way to delete a passkey from the Google Account side.
Edit: screenshot added (Sorry for the photo, had to take it from another device because you can't screenshot the auth flow)
Edit: this is only happening on one device. Other Google devices with automatically generated passkeys are working fine.
Edit: clearing all data for Chrome - not just cache, but all storage - fixed the issue for me!
Coming to Apple OSes: A seamless, secure way to import and export passkeys
LemonLDAP::NG 2.21 is out!
Read our release notes: https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-1-is-out/
Explain #passkeys to me like I'm your grandparents.
True story,
- Log into browser with IdP
- Get logged out of IdP
- Log back into IdP
- Click something in the browser's popover and now your browser has a passkey to the IdP
- Get logged out of browser and IdP
- Get locked out because you need to log into the browser to log into the IdP to log into the browser to log into the IdP to...
How can this failure mode exist?
Where do we even start to communicate this to users in a good way?
/rant
#Passkeys are pretty cool, but the shotgun approach to implementation is horrendous.
It really grinds my gears that every browser, password manager++ tries to swoop in and steal that user flow.
Suddenly you've created and added passkeys to services without your intention, not knowing what key is used, which service has it or whether it's bound to hardware or roaming. It could be in the cloud for all you know.
I'm struggling to keep track, and I work with this every day...
The path to reliable phishing protection is unclear and difficult. One step is moving away from passwords that we humans have to remember and can therefore also enter in the wrong place at some point. E.g. via #PassKeys.
But senders of "good" emails could also distinguish them more clearly from phishing. For example, always send only from their own, known domain and have call-to-action links point only to their domain.
Thanks to passkeys, logging in will in future be more convenient and, above all, more secure than with a password.
In the webinar, c’t editors Kathrin and Niklas explain what passkeys are, how they work and, above all, how to use them in everyday life.
04.06.2025
15:00 - 17:00
online
More about the webinar: https://webinare.heise.de/passkeys/?wt_mc=sm.academy.ct.web_passkeys.mastodon_ct.link.link
Whoa, a bank supporting #passkeys! Never thought I'd see the day.
@BleepingComputer : unless the verifying server thoroughly checks the domain name of the server the user authenticated to, this could put users of passkeys at risk of phishing attacks.
See https://github.com/w3ctag/design-reviews/issues/97#issuecomment-175766580 why.
For a while, I've been working with some other developers on improving passkey support in Linux. Here are my thoughts on the road to a secure native API for interacting with passkeys. We'll need TPM support, measured boot, a virtual TEE, sandboxing kernel modules and more.
Sounds intriguing? Read here: