FIDO2 – Page 2 – WindowsTechs.com

Is it possible to see the pubkeys that pair with private keys inside the TPM in Windows?

Posted on May 24, 2023 by mikemaccana

Is it possible to inspect data (pubkeys, domain names used for webauthn, not private keys) related to private keys stored in the TPM on Windows?

I legally own the hardware and have maximum permissions on my user account
I have the necessa… Continue reading Is it possible to see the pubkeys that pair with private keys inside the TPM in Windows?→

Can Fido2 hardware tokens be used for key agreement or Diffie-Hellman?

Posted on May 24, 2023 by Steffen Vogel

With Fido2 becoming more popular we see more and more affordable Fido2 hardware security keys on the market.
Can we use those tokens also for establishing a shared secret between two tokens?
I would like to use them to perform something si… Continue reading Can Fido2 hardware tokens be used for key agreement or Diffie-Hellman?→

Can I use an iPhone connected via USB to a computer as a FIDO2 security key (for example in OpenSSH)? [migrated]

Posted on May 18, 2023 by cs224

In the same way that I can use a Yubikey or any other FIDO2 hardware key to store resident keys for use with OpenSSH (for example ssh-keygen -t ed25519-sk -O resident -O verify-required) I would like to use my iPhone. I have my iPhone most… Continue reading Can I use an iPhone connected via USB to a computer as a FIDO2 security key (for example in OpenSSH)? [migrated]→

Passwordless authentication using expiring hardware keys

Posted on May 5, 2023 by Taras

I am looking for a solution to implement passwordless authentication using expirable hardware keys. It is for devices around the world with Windows OS, and sometimes service technicians have to do something there, so I want an admin accoun… Continue reading Passwordless authentication using expiring hardware keys→

FIDO2: should I set user verification to "discouraged" with two-factor authentication?

Posted on April 13, 2023 by tobib

I provide a web application that uses FIDO2 for two-factor authentication. Recently I got reports that Windows users have to enter a PIN each time they use their hardware token. As far as I understand, this is considered a form of user ver… Continue reading FIDO2: should I set user verification to "discouraged" with two-factor authentication?→

FIDO2 security keys – what attack vectors/weaknesses exist for "bad" keys

Posted on March 2, 2023 by Richard

What attack vectors exist for "bad" FIDO USB keys? What would the weaknesses of a "bad" key be? How could they be compromised?

I have been looking at several "make your own key" projects, and wonder how they… Continue reading FIDO2 security keys – what attack vectors/weaknesses exist for "bad" keys→

Reading SSH private key physically stored on yubikey to remote into external PC

Posted on January 2, 2023 by SneakyShrike

I was wondering if it’s possible to only store and read a ssh private key on a yubikey and not read the private key the yubikey generated from a client computer?
Currently the only way it seems to work is that I store the private key on cl… Continue reading Reading SSH private key physically stored on yubikey to remote into external PC→

Microsoft, Google, and Apple to Expand Passwordless Login Across All Major Platforms

Posted on May 5, 2022 by Rabia Noureen

Microsoft, Apple, and Google have committed to expanding passwordless sign-in… Continue reading Microsoft, Google, and Apple to Expand Passwordless Login Across All Major Platforms→

What security measures does YubiKey take to secure its hardware from malicious firmware tampering? [closed]

Posted on April 4, 2022 by Sir Muffington

We’ve all certainly heard about the widely overhyped BadUSB exploits on the Physon microcontrollers.
There’s certainly a high potential of gaining something by targeting such a specific device, which is designed to only contain secrets.
Ev… Continue reading What security measures does YubiKey take to secure its hardware from malicious firmware tampering? [closed]→