Colan Schwartz<p>This is unfortunate because I received a pair of these recently that I've been meaning to take out of the package. I guess they won't be issuing recalls?</p><p><a href="https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2024/</span><span class="invisible">09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/</span></a></p><p><a href="https://mastodon.social/tags/securitykey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securitykey</span></a> <a href="https://mastodon.social/tags/sidechannel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sidechannel</span></a> <a href="https://mastodon.social/tags/yubikey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>yubikey</span></a> <a href="https://mastodon.social/tags/yubikeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>yubikeys</span></a> <a href="https://mastodon.social/tags/hardwaretokens" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hardwaretokens</span></a> <a href="https://mastodon.social/tags/hardwaretoken" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hardwaretoken</span></a> <a href="https://mastodon.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptography</span></a> <a href="https://mastodon.social/tags/credentials" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>credentials</span></a> <a href="https://mastodon.social/tags/fido" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.
Administered by:
Server stats:
252active users
shakedown.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#SecurityKey
0 posts · 0 participants · 0 posts today
🧿🪬🍄🌈🎮💻🚲🥓🎃💀🏴🛻🇺🇸<p>Does anyone know of a bank that lets you use a Fido2 security key to authenticate?</p><p>My bank only allows SMS based 2FA, so my fiat can all be stolen by any employee of my phone company at any time.</p><p><a href="https://mastodon.social/tags/2fa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2fa</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/fido2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido2</span></a> <a href="https://mastodon.social/tags/securityKey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityKey</span></a> <a href="https://mastodon.social/tags/yubikey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>yubikey</span></a> <a href="https://mastodon.social/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkey</span></a> <a href="https://mastodon.social/tags/bank" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bank</span></a> <a href="https://mastodon.social/tags/fido" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido</span></a> <a href="https://mastodon.social/tags/webauthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webauthn</span></a> <a href="https://mastodon.social/tags/auth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>auth</span></a> <a href="https://mastodon.social/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a></p>
🧿🪬🍄🌈🎮💻🚲🥓🎃💀🏴🛻🇺🇸<p>PassKeys seem like a bad idea. Google backs them up to the cloud, so if your Google account is compromised then all your private keys are compromised. I don't see how that's an improvement over password+2FA at all.</p><p>Now security keys I get; keep the private key on an airgapped device. That's good. Hell I even keep my 2FA-OTP salts on a YubiKey.</p><p><a href="https://mastodon.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkeys</span></a> <a href="https://mastodon.social/tags/fido2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido2</span></a> <a href="https://mastodon.social/tags/webauthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webauthn</span></a> <a href="https://mastodon.social/tags/yubikey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>yubikey</span></a> <a href="https://mastodon.social/tags/2fa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2fa</span></a> <a href="https://mastodon.social/tags/otp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>otp</span></a> <a href="https://mastodon.social/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://mastodon.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cryptography</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> <a href="https://mastodon.social/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkey</span></a> <a href="https://mastodon.social/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> <a href="https://mastodon.social/tags/securityKey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityKey</span></a> <a href="https://mastodon.social/tags/google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>google</span></a></p>
Tinned-Software<p>For decades, users have authenticated on systems with usernames and passwords. This method of authentication has not changed since the beginning of the Internet. As the Internet became a more hostile place and threats emerged, ...</p><p><a href="https://blog.tinned-software.net/secure-authentication-and-how-it-changed-over-time/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.tinned-software.net/secur</span><span class="invisible">e-authentication-and-how-it-changed-over-time/</span></a></p><p><a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/securitykey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securitykey</span></a> <a href="https://infosec.exchange/tags/securitykeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securitykeys</span></a> <a href="https://infosec.exchange/tags/fido" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido</span></a> <a href="https://infosec.exchange/tags/fido2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido2</span></a> <a href="https://infosec.exchange/tags/totp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>totp</span></a> <a href="https://infosec.exchange/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkey</span></a></p>
EINGFOAN :donor:<p>updated <a href="https://infosec.exchange/tags/fido2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido2</span></a> <a href="https://infosec.exchange/tags/fido" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido</span></a> <a href="https://infosec.exchange/tags/securitykey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securitykey</span></a> <a href="https://infosec.exchange/tags/comparison" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>comparison</span></a> draft Version 0.8 </p><p><a href="https://infosec.exchange/tags/yubikey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>yubikey</span></a> <a href="https://infosec.exchange/tags/nitrokey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nitrokey</span></a> <a href="https://infosec.exchange/tags/gotrust" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gotrust</span></a> <a href="https://infosec.exchange/tags/feitian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>feitian</span></a> <a href="https://infosec.exchange/tags/solokey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>solokey</span></a> <a href="https://infosec.exchange/tags/titan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>titan</span></a> <a href="https://infosec.exchange/tags/google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>google</span></a><br><a href="https://infosec.exchange/tags/mfa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mfa</span></a> <a href="https://infosec.exchange/tags/u2f" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>u2f</span></a></p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@Fr333k" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Fr333k</span></a></span> <span class="h-card" translate="no"><a href="https://chaos.social/@matthegap" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>matthegap</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@shellsharks" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>shellsharks</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@FritzAdalis" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>FritzAdalis</span></a></span> <br><span class="h-card" translate="no"><a href="https://social.heise.de/@heisec" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>heisec</span></a></span></p><p>If updates are needed Post a reply here</p><p>Credits to</p><p><a href="https://medium.com/webauthnworks/sorting-fido-ctap-webauthn-terminology-7d32067c0b01&sa=D&source=editors&ust=1686248837634831&usg=AOvVaw1RNctynoDjZdGOtR_n3KPm" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">medium.com/webauthnworks/sorti</span><span class="invisible">ng-fido-ctap-webauthn-terminology-7d32067c0b01&sa=D&source=editors&ust=1686248837634831&usg=AOvVaw1RNctynoDjZdGOtR_n3KPm</span></a></p><p><a href="https://fidoalliance.org/specifications/&sa=D&source=editors&ust=1686248837635017&usg=AOvVaw1j45hHJTnxzwWfT7VRfWK6" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">fidoalliance.org/specification</span><span class="invisible">s/&sa=D&source=editors&ust=1686248837635017&usg=AOvVaw1j45hHJTnxzwWfT7VRfWK6</span></a></p><p><a href="https://doubleoctopus.com/blog/standards-regulations/your-complete-guide-to-fido-fast-identity-online/&sa=D&source=editors&ust=1686248837635116&usg=AOvVaw3wIncGqheQ1koX9LV9-KED" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">doubleoctopus.com/blog/standar</span><span class="invisible">ds-regulations/your-complete-guide-to-fido-fast-identity-online/&sa=D&source=editors&ust=1686248837635116&usg=AOvVaw3wIncGqheQ1koX9LV9-KED</span></a></p>
Rick Klau<p>Just tried to add my <a href="https://sfba.social/tags/Yubikey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Yubikey</span></a> 5ci (the USB-C / lightning <a href="https://sfba.social/tags/securitykey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securitykey</span></a>) to my Apple ID now that Apple supports security keys. When I go to add the key, I get prompted for a PIN – which I've never set on this security key (afaik). Anyone know what's going on?</p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload