shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

268
active users

#fido2

0 posts0 participants0 posts today

With USB/IP, I can now use my YubiKey remotely via SSH in the same way as I was sitting in front of my machine. Both in early boot stage (initrd); unlocking LUKS encrypted filesystem, and in booted system stage; signing git commits and authenticate to GitHub. Great! But what about using FIDO2/WebAuthn via RDP to log in to web services? USB redirection is not supported for xrdp. Is there any workarounds coming up to for example redirect WebAuthn from one machine to another?

People who use hardware security keys: Storing them in geographically diverse locations is a wise move but makes it impossible to quickly onboard. How do you keep track of where you’ve registered each key? A checklist in a spreadsheet is obvious but cumbersome. Is there a better way? (Yes I use passkeys extensively but for certain services like email, iCloud, and my password manager, a hardware option is desirable if not mandatory.) #YubiKey #YubiKeys #FIDO #FIDO2 #FIDOKey #FIDOKeys #Security

TIL Proton dropped their maximum supported security keys (some time after mid-August 2024) from 8 to 4 keys?! (Notice the tiny "8 out of 4" label, because I had registered the maximum 8 keys)

I suspect my current config will be stable until I need to explicitly delete a key, in which case I won't be able to add a replacement unless I delete five keys. 😡

I’ve been on Fedi for a year now and have fallen in love with the platform, so here’s my introduction! I studied computer science with a focus on RTOS and FP/PL, but I’m about to start my final semester of law school. I’ll be practicing at a boutique firm that primarily handles IP cases once I’m barred. I foilboard and I play way too many rhythm games in and out of the arcade.

I contribute to open source projects where I can, and I write up my experience in my digital garden which I’ve been maintaining for over a year now. It’s also a good place to find usage tips for projects/tools that you might want to use.

My passion for tech also includes privacy, and I’m an advocate for minimizing your digital footprint. GenAI is a scam and its purveyors are causing real harm while they sell it as hard as they can.

Follow me for: #selfhosting #digitalgardening #privacy #lawfedi #section230 #copyright #patents #rustlang #gleam #haskell #RSS #neovim #NixOS #zotero #tmux #alacritty #linux #egpu #qemu #arch #archlinux #GNOME #watches #watchmaking #obsidian #obsidianmd #thunderbird #fpv #mechkeys #mechkeeb #mechanicalkeyboard #matrix #signal #fido2 #passkeys #dancerushstardom

be-far.combe-far's Digital GardenTip You will own nothing, and you will be happy. On my little corner of the internet, I document my adventures in tech and complain about the internet of shit.

Quick report on Porkbun FIDO / security key / passkey options:

  • ✅ Supports more than five keys
  • ✅ Supports passwordless passkeys as a separate toggle-able option, but you can also add a phone using the hardware key config area
  • ✅ You can opt into using only keys for MFA
  • 🤷‍♂️ You can set name of each key, but names cannot be edited (only way to rename is to delete a key)
  • ❌ Rich web-side report of auth/success failure generally, but no key-specific logging (you can't tell when each specific key was last used, IP / location / OS, etc.).
  • 🤷‍♂️ You can opt into email notifications of successful / failed auth, which list the IP, but only say "WebAuthn Security Key" (not the specific key name)
  • ❌ Does not prompt for a PIN when set on the key itself (WebAuthn)
#Porkbun#MFA#FIDO2
Replied in thread

@breadsmasher
Great question! "Need" probably isn't the right word. "Strongly desire" or "greatly prefer" would more accurate.

The reason is that I have lots of different devices with different port types. Some of my newer devices only have USB-C ports, while my older devices only have USB-A ports, and I'd really like to have just "one key to rule them all," so to speak.

I know that I could buy a little USB-A/C adapter dongle and keep that on the same keychain with the MFA key, but that introduces a degree of fragility that I'd prefer to avoid if possible.

That being said, if I found a hardware MFA key with all of the features I listed except for USB-C, then I'd happily accept the dongle compromise, because most of my devices (even the old ones) support Bluetooth, so I'd still have that as a backup option in case the dongle fails.

#MFA#2FA#fido

My current hardware MFA key is no longer receiving security patches, so I'm in the market for a new one.

Here's a list of features I'd like my new hardware MFA key to have, in order of priority:
1. USB-A
2. NFC
3. USB-C
4. Biometric
5. Bluetooth

My current MFA key has features 1-3 and 5. Is there a Holy Grail MFA key somewhere out there with all 5 features?

I'm already pretty familiar with YubiCo's product lineup, and while I love their security rating and build quality, none of them have more than 2 of the features listed above, so that kinda bums me out.

Anyway, let's hear your hardware MFA key recommendations!

#MFA#2FA#fido

am i missing something or does firefox not support fido 2 / passkeys?

i set up an onlykey passkey with a pin on chrome, but on firefox i get "JsNotAllowed" exception

there's an okta support article that suggests enabling `security.webauth.enable_softtoken` or something but that has no effect