Collaborate Disseminate
I want to implement passkey support as a full replacement for passwords but I have some server-side state that still needs to be encrypted to a specific user in a way that can not be decrypted or reproduced on the server side without a use… Continue reading Storing a server secret in a user passkey rawId
I want to implement passkey support as a full replacement for passwords but I have some server-side state that still needs to be encrypted to a specific user in a way that can not be decrypted or reproduced on the server side without a use… Continue reading Storing a server secret in a user passkey user id
Users can now save passkeys to Google Password Manager on computers running Windows, macOS, and Linux, in addition to Android devices.
The post Google Now Syncing Passkeys Across Desktop, Android Devices appeared first on SecurityWeek.
Continue reading Google Now Syncing Passkeys Across Desktop, Android Devices
I am trying to figure out the implications of authentication technologies. Answers to a previous question indicate my real question is more "meta than that.
The primary requirements for an authentication system from my point of view… Continue reading Is there a private, secure and easy login system?
Passkeys prevent phishing, no one can make you login remotely (without exploits) and if they are hardware based and never leave the hardware, them even exploits might have a hard time getting them.
However, very simple exploits could still… Continue reading Is there an equivalent to passkeys but to prevent cookie stealing?
According to different pages (e.g. OneIdentity, also a Google Security source I can’t find anymore), using Passkeys does count as Multi Faktor Authentication. To my understanding, they argue, that the User needs
the device,
and needs to b… Continue reading Passkeys: MFA or not?
I’m trying to create a simple web-app (for personal use, but also trying to learn some things along the way). If the stack is important, I’m using:
SvelteKit for Frontend
Netlify Functions for the API
Supabase for the DB (not auth, just D… Continue reading Considerations when setting up passkey + TOTP login
Does anyone know what kind of keys are being generated when you make a Fido2/Webauthn passkey? rsa2048, rsa4096, Ed25519, or something else? Just worried if its rsa2048 it might soon be crackable, at least by state actors.
Continue reading Fido2/Webauthn Passkeys: rsa2048, rsa4096, or Ed25519?
Since I use 1Password to store my passkeys along with emails and passwords, it appears to be that passkeys are not as secure as using the email and password with U2F flow that I currently use on many websites/apps.
I am starting to think t… Continue reading How is a passkey more secure than the regular email/password with U2F key?
Today while signing on to Gmail with my iPad, I was prompted:
With passkeys you can now use your fingerprint, face, or screen lock to verify it’s really you.
I was wondering what the security pros and cons of setting up these passkeys?
… Continue reading What are the security pros and cons of setting up passkeys for Gmail logins?