#PassKey question. If you use a managed Chrome profile (aka corporate IT managed), can IT view your saved passwords/passkeys? Searching only says Yes and No, so I'm asking you folks who know better than randos. Thanks...
#PassKey question. If you use a managed Chrome profile (aka corporate IT managed), can IT view your saved passwords/passkeys? Searching only says Yes and No, so I'm asking you folks who know better than randos. Thanks...
This may be a lame observation, but I believe I now better understand why #Passkey adoption is perhaps not as high as one would expect.
Username/password authentication is "easy" to implement. A million ways you can do it badly, but you can nonetheless do it.
Passkey authentication is not as easy to do. (And no... I do not have experience with Passkey authentication...)
But the fact that multiple tutorials and guides already refer to implementation authN using third-party services frustrates me...
Enough whining... I will make a more concerted effort to try and figure this out now.
Calling upon #Python developers. Have you implemented #Passkey authentication without using third-party services?
I'm trying to find some good reference material but all seem to include usage of third-party services for managing the authentication...
... but I want full "ownership" of the authentication stack before deciding to ship that to someone else. One of the most critical components is not something I feel entirely comfortable handing off to someone else.
So... anyone got something to share? I have come across this:
https://pypi.org/project/webauthn/
That seems to give me the server/backend stuff. If you have experience building the frontend/UX components using #Reflex then I would be even more excited to hear from you!
Ich habe gerade Dokumente für das Kindergeld über die #eServices der #arbeitsagentur hochgelanden.
Vorab, ich finde die Idee, die der #BundID zugrunde liegt, gut. Insbesondere, dass ich auf Basis des BundID Profile bei der #arbeitsagentur anlegen kann ist gut. Alternative könnte bei der #arbeitsagentur auch einen #Passkey verwenden.
Ich wollte jetzt die #BundID zusammen mit dem Personalausweis verwenden. Warum muss das so eine unglaublich schlecht #Useability haben? (1/n)
#Passkey deployment checklist is now available.
This new content summarizes all the passkey best practices we can think of when a website deploys a passkey system such as:
You can use this checklist to build a best possible passkey implementation, or to see if there are anything you can improve by comparing it with your existing deployment.
Checkout our passkey deployment checklist from here: https://web.dev/articles/passkey-checklist
If you have any feedback on this content, please let me know!
Wenn ihr ein Gmail-Konto habt, rät Google euch dringend, eine Änderung so schnell wie möglich vorzunehmen
https://www.gamestar.de/artikel/gmail-google-rat,3434616.html #Datenschutz #Passkey #2FA
#Passkeys are for people who only use one device to access the Internet, or multiple devices that are all made by AAPL/GOOG.
If you use Firefox on Ubuntu, Edge on Windows, Safari on Mac OS, and Chrome on ChromeOS you will have a bad time.
Nie mehr Passwörter nutzen und trotzdem bequem und sicher anmelden: so geht's - PC-WELT
https://www.pcwelt.de/article/1343091/passkey-ersetzen-passwoerter-alle-infos.html #Datenschutz #Passkey #Passwort
Dank dieser 5 Passkey-Tricks kann ich Passwörter endlich vergessen - PC-WELT
https://www.pcwelt.de/article/2769745/dank-dieser-5-passkey-tricks-kann-ich-passworter-endlich-vergessen.html #Datenschutz #Passkey #Passwort
@BleepingComputer : unless the verifying server thoroughly checks the domain name of the server the user authenticated to, this could put users of passkeys at risk of phishing attacks.
See https://github.com/w3ctag/design-reviews/issues/97#issuecomment-175766580 why.
I need to better understand passkeys. And I need to develop guidance that I can explain to my dad.
On that note it was cool to see Costco app prompt to create a #passkey this morning.
@oscherler not shure.
So, #passkey question:
Is it possible that a web site that has been supporting YubiKeys for a while would automatically support Safari’s and 1Password’s passkeys, by means of it being webauthn in both cases, or at least appear to support them, even if it fails later?
That would explain some of the ignorance of customer service agents when you point out how their passkey implementation is broken.
Welt-Passwort-Tag: Menschen wollen Zwei-Faktor-Authentifizierung
Am Welt-Passwort-Tag haben GMX und web.de eine Umfrage herausgebracht. Die zeigt, es gibt Fortschritte im Hinblick auf Sicherheit.
World Password Day: people want two-factor authentication
On World Password Day, GMX and web.de published a survey. It shows that progress is being made in terms of security.
I HATE this wretched #Passkey nonsense. Every browser, OS, Website is trying to get me to create the things with NO explanation of how they work or what consequences are AND when I'm actually in the middle of signing in using a password manager.
As near I can tell, I've just had Windows, Chrome and maybe Amazon all have go.
And talk about anti patterns! Major sign in changes are NOT what you try to force on people in the middle of login task completion. What's WRONG with you?
#InfoSec
I'd love if there was a website like https://www.passkeys.io/who-supports-passkeys which showed which websites also support *non-resident* #FIDO2 authentication as opposed to resident #Passkey. Let's reward sites that have that support!
Google-Passkey einrichten – so geht's | heise online
https://www.heise.de/tipps-tricks/Google-Passkey-einrichten-so-geht-s-10326284.html #Google #Passkey