Collaborate Disseminate
I’m assuming instead of saying "forgot password?" the text would say "lost your key?" or "don’t have your device?". But what would the process of secondary access look like in the future when passwords are ..a… Continue reading What is the equivalent of "forgot password" in password-less login applications using FIDO2 / Webauthn or later?
In theory, authenticating with a public key should be much simpler than with a password. There is nothing to remember for the end-user, and registration can be done just by clicking a button. For all intents and purposes, this should be mu… Continue reading Why is Webauthn not used as primary authentication method?
I would like to determine which combination of 2FA methods are the most secure, in the context of securing my website’s users. A standard website built with php/mysql/apache or nginx.
This also takes into account the usability and convenie… Continue reading Which 2FA combinations are the most secure going forward (for website authentication)? [closed]
I am currently investigating the idea of implementing FIDO2 (WebAuthN) support in native iOS using Swift. I understand that there is no FIDO2 support in native iOS, and only available through Safari native app, but Safari is not an option … Continue reading Implementing FIDO2 (WebAuthN) in Native iOS
The Web Authentication API allows websites served via HTTPS to allow users to authenticate via asymmetric encryption. The procedure for login is basically the following:
Server sends a challenge (16 random bytes);
Client signs the challen… Continue reading What are the benefits of using WebAuthn?
So I have this application with a web frontend where users can exchange data in an end-to-end encrypted fashion.
Those users each have a client-side generated RSA keypair. The public part is stored in the server’s database to be used when … Continue reading Store or protect a secret with a WebAuthn device
I’m trying to learn a bit about authentication and security protocols at a 10,000 foot level. I was reading about WebAuthn here: https://webauthn.guide/ and here:
https://webauthn.io/
I’m sure what I’m about to ask has obvious answers, bec… Continue reading WebAuthn – What am I missing?
In episode 128 for July 6th 2020: In episode 128 for July 6th 2020: New TikTok privacy concerns, the rise of macOS ransomware, and details on new research about bad password choices. ** Links mentioned on the show ** Family Safety and Security with And… Continue reading TikTok Privacy Concerns, macOS Ransomware, Bad Passwords
Mozilla is fixing a longstanding password problem to alert users when their password exceeds the maximum length allowed. Continue reading Firefox to tell you if sites are shortening your passwords
In episode 118 for April 27th 2020: A discussion about the end of passwords and what the future may hold with special guest Andrew Shikiar executive director of the FIDO Alliance. ** Show notes and links mentioned on the show ** Find out more about the… Continue reading The End of Passwords as We Know It