Add WebUSB Support To Firefox With a Special USB Device - RP2040-based Pico board acting as U2F dongle with Firefox. (Credit: ArcaneNibble, ... - https://hackaday.com/2025/03/15/add-webusb-support-to-firefox-with-a-special-usb-device/ #computerhacks #securityhacks #firefox #webusb #u2f

Add WebUSB Support To Firefox With a Special USB Device https://hackaday.com/2025/03/15/add-webusb-support-to-firefox-with-a-special-usb-device/ #computerhacks #SecurityHacks #firefox #WebUSB #U2F

So, it has been like three months using FIDO/U2F keys instead of passwords. Both in my NetBSD and Arch systems.

I use a "medium" quality password to decrypt the filesystems and other one to decrypt the password manager. And that's it.

No password to log-in, to unlock screen, to run doas/sudo, etc. Just this little penguin and press its button.

Also, I'm using this as 2FA for all websites that support it. Lemmy doesn't. It's the only place where I don't use it, yet.

Because U2F uses the domain name, this is a strong protection against phishing. A similar domain may trick my eyes, but not the key.

I'm very bad at memorizing passwords, and worse at typing them. Unlocking the screen without typing my password like 3 times is a bless.

The problems: if my laptop is decrypted anybody with this penguin is root. It's kinda my Horcrux. Also, I need a second one stored safely as a backup.

So I officially have two horcruxes. Destroy both and I can't log-in anywhere.

On Friday the 13th don't let your online accounts fall into the wrong hands

The Tuta Team recommends

Protecting your email with end-to-end encryption: https://tuta.com/secure-email

Using extra login protections like a U2F device: https://tuta.com/blog/why-u2f-is-important

Keep your passwords safe in a password manager: https://tuta.com/blog/best-password-manager

What is your preferred method of #2factorauthentication ?

Tuta offers full support for #U2F & #TOTP to keep your account secure!

https://tuta.com/blog/posts/why-u2f-is-important

Is there a way to do #U2F authentication on a #GrapheneOS or #Android device?

Newbie question: what is best #mfa #authentication method for #offline networks? I am playing around with a lab environment where I want good mfa inside but don’t want it to connect to the internet. My current point of view is: I can not place #Fido there since it „needs“ internet in many ways.. right? . My current way of thinking is i build a PKI into this network and use it with #yubikey acting as a Smartcard but not #u2f or #fido2 . Am I wrong ? Is there better options?

@vkc Maybe throw in there somewhere that #PayPal supports using *a* #2FA hardware key. That’s right, just one. You can’t add a backup. Lose the one and you’re screwed.

/cc @yubico
#security #infosec #cybersecurity #MFA #WebAuthn #FIDO #FIDO2 #U2F #YubiKey #ecommerce

#TwitterMigration #introduction
<copy from previous instance intro>
I’m a Twitter refugee looking for a community. I feel like I left a burning home in the middle the night and set up camp on Mastodon in a dark and unfamiliar land. I squatted on the TWiT instance I learned of from my favorite podcast, #SecurityNow (listener from the beginning in 2005!). Now, as I wake up in this unfamiliar place and look around during the daylight, I have to find my place, my community, the app that works best for me, and how to federate my experience. #infosec
- - - -
Today, I am respawning to a new-to-me Mastodon instance. I’m just 9 days on Mastodon, but here’s a bit of what I’ve learned and why I’m changing my Mastodon instance:
1. This is a cool place. I like the format, I like the vibe, I’m making some brand new, quality contacts, and while I haven’t deleted my Twitter account, I’m spending nearly all of my social networking time and capital here. I really hope the Mastodon platform thrives, and I want to be part of that.
2. I really had no trouble networking across instances. I was able to pin or tab other instances and hashtags to see them as alternate feeds. So, why did I move? There were a few main reasons:
2(a). I was spending most of my time watching the infosec.exchange instance feed like an alien on someone else's planet. It’s already a large and diverse population of people with a pretty good alignment with my interests. It made sense to make it my new home.
2(b). I prefer the freedom to post in a longer format and sometimes feel constrained by the 500-word limit. I like the higher chaa=racter limit set on the infosec.exchange instance.
2(c). Mastodon makes it fairly easy to move, but I’m pretty sure you do sacrifice your post and interaction history. I don’t love that, but it’s a fair and reasonable price to pay for the freedom to move. And I decided better to rip off that band-aid now than wait longer.

My primary reason for being on Mastodon is to discover and participate in dialog pertaining to my professional InfoSec interests. But I can already see branching out into some one my more personal interests, which is something I was less inclined to do on the birdsite. For now, I expect to post and interact with #infosec, #podcasts, #mfa, #2fa, #fido2, #u2f, #privacy, #IoT, #phishing, #securityawareness, #grc, #ciso, and ... well, we'll see where this all takes me.

Cheers!