Shakedown Social

1 post1 participant0 posts today

Christian Drumm 🇪🇺🧗🚵Ich habe gerade Dokumente für das Kindergeld über die <a href="https://mastodon.social/tags/eServices" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#eServices</a> der <a href="https://mastodon.social/tags/arbeitsagentur" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#arbeitsagentur</a> hochgelanden. Vorab, ich finde die Idee, die der <a href="https://mastodon.social/tags/BundID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BundID</a> zugrunde liegt, gut. Insbesondere, dass ich auf Basis des BundID Profile bei der <a href="https://mastodon.social/tags/arbeitsagentur" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#arbeitsagentur</a> anlegen kann ist gut. Alternative könnte bei der <a href="https://mastodon.social/tags/arbeitsagentur" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#arbeitsagentur</a> auch einen <a href="https://mastodon.social/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkey</a> verwenden. Ich wollte jetzt die <a href="https://mastodon.social/tags/BundID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BundID</a> zusammen mit dem Personalausweis verwenden. Warum muss das so eine unglaublich schlecht <a href="https://mastodon.social/tags/Useability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Useability</a> haben? (1/n)

Eiji Kitamura / えーじ :verified:<a href="https://infosec.exchange/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkey</a> deployment checklist is now available.This new content summarizes all the passkey best practices we can think of when a website deploys a passkey system such as:<ul><li>Use AAGUID to identify the passkey provider and to name the credential for the user.</li><li>Prompt for local passkey creation if the user has signed in with a cross-device passkey.</li><li>Verify the user with the strongest authentication method available for they can use before allowing them to create a passkey.</li></ul>You can use this checklist to build a best possible passkey implementation, or to see if there are anything you can improve by comparing it with your existing deployment.Checkout our passkey deployment checklist from here: <a href="https://web.dev/articles/passkey-checklist" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://web.dev/articles/passkey-checklist</a>If you have any feedback on this content, please let me know!

Scripter :verified_flashing:Wenn ihr ein Gmail-Konto habt, rät Google euch dringend, eine Änderung so schnell wie möglich vorzunehmen <a href="https://www.gamestar.de/artikel/gmail-google-rat,3434616.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.gamestar.de/artikel/gmail-google-rat,3434616.html</a> <a href="https://social.tchncs.de/tags/Datenschutz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Datenschutz</a> <a href="https://social.tchncs.de/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkey</a> <a href="https://social.tchncs.de/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#2FA</a>

🧿🪬🍄🌈🎮💻🚲🥓🎃💀🏴🛻🇺🇸<a href="https://mastodon.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkeys</a> are for people who only use one device to access the Internet, or multiple devices that are all made by AAPL/GOOG.If you use Firefox on Ubuntu, Edge on Windows, Safari on Mac OS, and Chrome on ChromeOS you will have a bad time.<a href="https://mastodon.social/tags/webauthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#webauthn</a> <a href="https://mastodon.social/tags/fido2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fido2</a> <a href="https://mastodon.social/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkey</a> <a href="https://mastodon.social/tags/auth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#auth</a> <a href="https://mastodon.social/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#authentication</a>

Scripter :verified_flashing:Nie mehr Passwörter nutzen und trotzdem bequem und sicher anmelden: so geht's - PC-WELT <a href="https://www.pcwelt.de/article/1343091/passkey-ersetzen-passwoerter-alle-infos.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.pcwelt.de/article/1343091/passkey-ersetzen-passwoerter-alle-infos.html</a> <a href="https://social.tchncs.de/tags/Datenschutz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Datenschutz</a> <a href="https://social.tchncs.de/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkey</a> <a href="https://social.tchncs.de/tags/Passwort" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passwort</a>

Scripter :verified_flashing:Dank dieser 5 Passkey-Tricks kann ich Passwörter endlich vergessen - PC-WELT <a href="https://www.pcwelt.de/article/2769745/dank-dieser-5-passkey-tricks-kann-ich-passworter-endlich-vergessen.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.pcwelt.de/article/2769745/dank-dieser-5-passkey-tricks-kann-ich-passworter-endlich-vergessen.html</a> <a href="https://social.tchncs.de/tags/Datenschutz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Datenschutz</a> <a href="https://social.tchncs.de/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkey</a> <a href="https://social.tchncs.de/tags/Passwort" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passwort</a>

EINGFOAN :donor:<a href="https://infosec.exchange/@jerry" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@jerry</a> security theory question: is a <a href="https://infosec.exchange/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkey</a> rather a something you know or a something you have? In terms of MFA? I see different orgs that treat it either this way or that way. Any opinion or maybe even hard fact?

Erik van Straten<a href="https://infosec.exchange/@BleepingComputer" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@BleepingComputer</a> : unless the verifying server thoroughly checks the domain name of the server the user authenticated to, this could put users of passkeys at risk of phishing attacks.See <a href="https://github.com/w3ctag/design-reviews/issues/97#issuecomment-175766580" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/w3ctag/design-reviews/issues/97#issuecomment-175766580</a> why.<a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkeys</a> <a href="https://infosec.exchange/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkey</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/DomainNames" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DomainNames</a> <a href="https://infosec.exchange/tags/DV" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DV</a> <a href="https://infosec.exchange/tags/DVcerts" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DVcerts</a>

KSev 🇳🇴🌻🚲 :donor:I need to better understand passkeys. And I need to develop guidance that I can explain to my dad. On that note it was cool to see Costco app prompt to create a <a href="https://infosec.exchange/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkey</a> this morning.

Kevin Karhan :verified:<a href="https://tooting.ch/@oscherler" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@oscherler</a> not shure.<ul><li>All I know is that <a href="https://infosec.space/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkey</a> is dysfunctional most of the time and has worse <a href="https://infosec.space/tags/UX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UX</a> than <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PGP</a>-based <a href="https://infosec.space/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#2FA</a>!</li></ul>

ÖlbaumSo, <a href="https://tooting.ch/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkey</a> question:Is it possible that a web site that has been supporting YubiKeys for a while would automatically support Safari’s and 1Password’s passkeys, by means of it being webauthn in both cases, or at least appear to support them, even if it fails later?That would explain some of the ignorance of customer service agents when you point out how their passkey implementation is broken.<a href="https://tooting.ch/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkeys</a> <a href="https://tooting.ch/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://tooting.ch/tags/webauthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#webauthn</a> <a href="https://tooting.ch/tags/YubiKey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#YubiKey</a>

heise onlineWelt-Passwort-Tag: Menschen wollen Zwei-Faktor-AuthentifizierungAm Welt-Passwort-Tag haben GMX und web.de eine Umfrage herausgebracht. Die zeigt, es gibt Fortschritte im Hinblick auf Sicherheit.<a href="https://www.heise.de/news/Welt-Passwort-Tag-Menschen-wollen-Zwei-Faktor-Authentifizierung-10368650.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.heise.de/news/Welt-Passwort-Tag-Menschen-wollen-Zwei-Faktor-Authentifizierung-10368650.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon</a><a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IT</a> <a href="https://social.heise.de/tags/eCommerce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#eCommerce</a> <a href="https://social.heise.de/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkey</a> <a href="https://social.heise.de/tags/Passw%C3%B6rter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passwörter</a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://social.heise.de/tags/Webde" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Webde</a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a>

heise online EnglishWorld Password Day: people want two-factor authenticationOn World Password Day, GMX and web.de published a survey. It shows that progress is being made in terms of security.<a href="https://www.heise.de/en/news/World-Password-Day-people-want-two-factor-authentication-10368740.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.heise.de/en/news/World-Password-Day-people-want-two-factor-authentication-10368740.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon</a><a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IT</a> <a href="https://social.heise.de/tags/eCommerce" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#eCommerce</a> <a href="https://social.heise.de/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkey</a> <a href="https://social.heise.de/tags/Passw%C3%B6rter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passwörter</a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://social.heise.de/tags/Webde" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Webde</a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a>

drs1969 (David Smith) 🇬🇧I HATE this wretched <a href="https://mstdn.social/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkey</a> nonsense. Every browser, OS, Website is trying to get me to create the things with NO explanation of how they work or what consequences are AND when I'm actually in the middle of signing in using a password manager. As near I can tell, I've just had Windows, Chrome and maybe Amazon all have go. And talk about anti patterns! Major sign in changes are NOT what you try to force on people in the middle of login task completion. What's WRONG with you? <a href="https://mstdn.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a>

dreiwert<a href="https://wetdry.world/@memes" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@memes</a> If your private key locked inside a hardware <a href="https://digitalcourage.social/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkey</a>, don't despair. You can send it by snail mail to have us check.

mindsConnected<a href="https://mastodon.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> is killing off passwords completely, in favour of passkeys. I think this will alienate a lot of people... thoughts? <a href="https://mindsconnected.tech/index.php?showtopic=1079&view=getnewpost" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mindsconnected.tech/index.php?showtopic=1079&view=getnewpost</a> <a href="https://mastodon.social/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#password</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.social/tags/windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#windows</a> <a href="https://mastodon.social/tags/windows10" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#windows10</a> <a href="https://mastodon.social/tags/windows11" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#windows11</a> <a href="https://mastodon.social/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkey</a> <a href="https://mastodon.social/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tech</a>

Matt CengiaI'd love if there was a website like <a href="https://www.passkeys.io/who-supports-passkeys" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.passkeys.io/who-supports-passkeys</a> which showed which websites also support *non-resident* <a href="https://aus.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FIDO2</a> authentication as opposed to resident <a href="https://aus.social/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkey</a>. Let's reward sites that have that support!

Scripter :verified_flashing:Google-Passkey einrichten – so geht's | heise online <a href="https://www.heise.de/tipps-tricks/Google-Passkey-einrichten-so-geht-s-10326284.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.heise.de/tipps-tricks/Google-Passkey-einrichten-so-geht-s-10326284.html</a> <a href="https://social.tchncs.de/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Google</a> <a href="https://social.tchncs.de/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkey</a>

Karl Voit :emacs: :orgmode:<a href="https://graz.social/tags/TroyHunt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TroyHunt</a> fell for a <a href="https://graz.social/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> attack on his mailinglist members: <a href="https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/</a>Some of the ingredients: <a href="https://graz.social/tags/Outlook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Outlook</a> and its habit of hiding important information from the user and missing <a href="https://graz.social/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#2FA</a> which is phishing-resistant.Use <a href="https://graz.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FIDO2</a> with hardware tokens if possible (<a href="https://graz.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkeys</a> without FIDO2 HW tokens are NOT phishing-resistant due to the possibility of being able to trick users with credential transfers: <a href="https://arxiv.org/abs/2501.07380" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arxiv.org/abs/2501.07380</a>) and avoid Outlook (or <a href="https://graz.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a>) whenever possible.Further learning: it could happen to the best of us! Don't be ashamed, try to minimize risks and be open about your mistakes.Note: any 2FA is better than no 2FA at all.<a href="https://graz.social/tags/email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#email</a> <a href="https://graz.social/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://graz.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://graz.social/tags/OTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTP</a> <a href="https://graz.social/tags/TOTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TOTP</a> <a href="https://graz.social/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkey</a> <a href="https://graz.social/tags/haveibeenpwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#haveibeenpwned</a> <a href="https://graz.social/tags/Ihavebeenpwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ihavebeenpwned</a>

Frankie ✅Some say passkeys are clunky — this startup wants to change that <a href="https://techcrunch.com/2025/03/11/some-say-passkeys-are-clunky-this-startup-wants-to-change-that/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://techcrunch.com/2025/03/11/some-say-passkeys-are-clunky-this-startup-wants-to-change-that/</a> <a href="https://mastodon.social/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a> <a href="https://mastodon.social/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tech</a> <a href="https://mastodon.social/tags/technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#technology</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mastodon.social/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://mastodon.social/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkey</a> <a href="https://mastodon.social/tags/internet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#internet</a>

Recent searches

Search options

Administered by:

Server stats:

#passkey