Collaborate Disseminate
The Register has an article on Passkeys, and one of the issues they use to argue that they are unlikely to be widely adopted is:
The process is bootstrapped by getting the user to authenticate using a traditional approach (such as usernam… Continue reading Does a Passkey authentication system need bootstrapping by username and password?
In previous question I asked about simple login systems, and WebAuthn was the answer. From a brief read of the web pages I THINK it is possible to create a standalone GPL implementation of Passkeys that can be freely backed up/duplicated … Continue reading What is the easiest way to have a standalone implementation of Passkeys on generic hardware with backup?
I am quite new to this universe of Yubikey in general and really starting to use them and get into it only now, so please, bare with me.
I noticed that it is now possible to login to github without having to put a combination of username+p… Continue reading Yubikey 5 NFC, passkey and Android [closed]
I want to implement passkey support as a full replacement for passwords but I have some server-side state that still needs to be encrypted to a specific user in a way that can not be decrypted or reproduced on the server side without a use… Continue reading Storing a server secret in a user passkey user id
I want to implement passkey support as a full replacement for passwords but I have some server-side state that still needs to be encrypted to a specific user in a way that can not be decrypted or reproduced on the server side without a use… Continue reading Storing a server secret in a user passkey rawId
Users can now save passkeys to Google Password Manager on computers running Windows, macOS, and Linux, in addition to Android devices.
The post Google Now Syncing Passkeys Across Desktop, Android Devices appeared first on SecurityWeek.
Continue reading Google Now Syncing Passkeys Across Desktop, Android Devices
I am trying to figure out the implications of authentication technologies. Answers to a previous question indicate my real question is more "meta than that.
The primary requirements for an authentication system from my point of view… Continue reading Is there a private, secure and easy login system?
Passkeys prevent phishing, no one can make you login remotely (without exploits) and if they are hardware based and never leave the hardware, them even exploits might have a hard time getting them.
However, very simple exploits could still… Continue reading Is there an equivalent to passkeys but to prevent cookie stealing?
According to different pages (e.g. OneIdentity, also a Google Security source I can’t find anymore), using Passkeys does count as Multi Faktor Authentication. To my understanding, they argue, that the User needs
the device,
and needs to b… Continue reading Passkeys: MFA or not?
I’m trying to create a simple web-app (for personal use, but also trying to learn some things along the way). If the stack is important, I’m using:
SvelteKit for Frontend
Netlify Functions for the API
Supabase for the DB (not auth, just D… Continue reading Considerations when setting up passkey + TOTP login