shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

252
active users

#SecurityKey

0 posts0 participants0 posts today
Colan Schwartz<p>This is unfortunate because I received a pair of these recently that I've been meaning to take out of the package. I guess they won't be issuing recalls?</p><p><a href="https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2024/</span><span class="invisible">09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/</span></a></p><p><a href="https://mastodon.social/tags/securitykey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securitykey</span></a> <a href="https://mastodon.social/tags/sidechannel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sidechannel</span></a> <a href="https://mastodon.social/tags/yubikey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>yubikey</span></a> <a href="https://mastodon.social/tags/yubikeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>yubikeys</span></a> <a href="https://mastodon.social/tags/hardwaretokens" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hardwaretokens</span></a> <a href="https://mastodon.social/tags/hardwaretoken" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hardwaretoken</span></a> <a href="https://mastodon.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptography</span></a> <a href="https://mastodon.social/tags/credentials" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>credentials</span></a> <a href="https://mastodon.social/tags/fido" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido</span></a></p>
🧿🪬🍄🌈🎮💻🚲🥓🎃💀🏴🛻🇺🇸<p>Does anyone know of a bank that lets you use a Fido2 security key to authenticate?</p><p>My bank only allows SMS based 2FA, so my fiat can all be stolen by any employee of my phone company at any time.</p><p><a href="https://mastodon.social/tags/2fa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2fa</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/fido2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido2</span></a> <a href="https://mastodon.social/tags/securityKey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityKey</span></a> <a href="https://mastodon.social/tags/yubikey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>yubikey</span></a> <a href="https://mastodon.social/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkey</span></a> <a href="https://mastodon.social/tags/bank" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bank</span></a> <a href="https://mastodon.social/tags/fido" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido</span></a> <a href="https://mastodon.social/tags/webauthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webauthn</span></a> <a href="https://mastodon.social/tags/auth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>auth</span></a> <a href="https://mastodon.social/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a></p>
🧿🪬🍄🌈🎮💻🚲🥓🎃💀🏴🛻🇺🇸<p>PassKeys seem like a bad idea. Google backs them up to the cloud, so if your Google account is compromised then all your private keys are compromised. I don't see how that's an improvement over password+2FA at all.</p><p>Now security keys I get; keep the private key on an airgapped device. That's good. Hell I even keep my 2FA-OTP salts on a YubiKey.</p><p><a href="https://mastodon.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkeys</span></a> <a href="https://mastodon.social/tags/fido2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido2</span></a> <a href="https://mastodon.social/tags/webauthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webauthn</span></a> <a href="https://mastodon.social/tags/yubikey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>yubikey</span></a> <a href="https://mastodon.social/tags/2fa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2fa</span></a> <a href="https://mastodon.social/tags/otp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>otp</span></a> <a href="https://mastodon.social/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://mastodon.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptography</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> <a href="https://mastodon.social/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkey</span></a> <a href="https://mastodon.social/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> <a href="https://mastodon.social/tags/securityKey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityKey</span></a> <a href="https://mastodon.social/tags/google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>google</span></a></p>
Tinned-Software<p>For decades, users have authenticated on systems with usernames and passwords. This method of authentication has not changed since the beginning of the Internet. As the Internet became a more hostile place and threats emerged,&nbsp;...</p><p><a href="https://blog.tinned-software.net/secure-authentication-and-how-it-changed-over-time/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.tinned-software.net/secur</span><span class="invisible">e-authentication-and-how-it-changed-over-time/</span></a></p><p><a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/securitykey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securitykey</span></a> <a href="https://infosec.exchange/tags/securitykeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securitykeys</span></a> <a href="https://infosec.exchange/tags/fido" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido</span></a> <a href="https://infosec.exchange/tags/fido2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido2</span></a> <a href="https://infosec.exchange/tags/totp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>totp</span></a> <a href="https://infosec.exchange/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkey</span></a></p>
EINGFOAN :donor:<p>updated <a href="https://infosec.exchange/tags/fido2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido2</span></a> <a href="https://infosec.exchange/tags/fido" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido</span></a> <a href="https://infosec.exchange/tags/securitykey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securitykey</span></a> <a href="https://infosec.exchange/tags/comparison" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>comparison</span></a> draft Version 0.8 </p><p><a href="https://infosec.exchange/tags/yubikey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>yubikey</span></a> <a href="https://infosec.exchange/tags/nitrokey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nitrokey</span></a> <a href="https://infosec.exchange/tags/gotrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gotrust</span></a> <a href="https://infosec.exchange/tags/feitian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>feitian</span></a> <a href="https://infosec.exchange/tags/solokey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>solokey</span></a> <a href="https://infosec.exchange/tags/titan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>titan</span></a> <a href="https://infosec.exchange/tags/google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>google</span></a><br><a href="https://infosec.exchange/tags/mfa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mfa</span></a> <a href="https://infosec.exchange/tags/u2f" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>u2f</span></a></p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@Fr333k" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Fr333k</span></a></span> <span class="h-card" translate="no"><a href="https://chaos.social/@matthegap" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>matthegap</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@shellsharks" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>shellsharks</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@FritzAdalis" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>FritzAdalis</span></a></span> <br><span class="h-card" translate="no"><a href="https://social.heise.de/@heisec" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>heisec</span></a></span></p><p>If updates are needed Post a reply here</p><p>Credits to</p><p><a href="https://medium.com/webauthnworks/sorting-fido-ctap-webauthn-terminology-7d32067c0b01&amp;sa=D&amp;source=editors&amp;ust=1686248837634831&amp;usg=AOvVaw1RNctynoDjZdGOtR_n3KPm" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">medium.com/webauthnworks/sorti</span><span class="invisible">ng-fido-ctap-webauthn-terminology-7d32067c0b01&amp;sa=D&amp;source=editors&amp;ust=1686248837634831&amp;usg=AOvVaw1RNctynoDjZdGOtR_n3KPm</span></a></p><p><a href="https://fidoalliance.org/specifications/&amp;sa=D&amp;source=editors&amp;ust=1686248837635017&amp;usg=AOvVaw1j45hHJTnxzwWfT7VRfWK6" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">fidoalliance.org/specification</span><span class="invisible">s/&amp;sa=D&amp;source=editors&amp;ust=1686248837635017&amp;usg=AOvVaw1j45hHJTnxzwWfT7VRfWK6</span></a></p><p><a href="https://doubleoctopus.com/blog/standards-regulations/your-complete-guide-to-fido-fast-identity-online/&amp;sa=D&amp;source=editors&amp;ust=1686248837635116&amp;usg=AOvVaw3wIncGqheQ1koX9LV9-KED" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">doubleoctopus.com/blog/standar</span><span class="invisible">ds-regulations/your-complete-guide-to-fido-fast-identity-online/&amp;sa=D&amp;source=editors&amp;ust=1686248837635116&amp;usg=AOvVaw3wIncGqheQ1koX9LV9-KED</span></a></p>
Rick Klau<p>Just tried to add my <a href="https://sfba.social/tags/Yubikey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Yubikey</span></a> 5ci (the USB-C / lightning <a href="https://sfba.social/tags/securitykey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securitykey</span></a>) to my Apple ID now that Apple supports security keys. When I go to add the key, I get prompted for a PIN –&nbsp;which I've never set on this security key (afaik). Anyone know what's going on?</p>