had a nice (but crowded) time at the anarchist book fair workshops today, specifically the one about not owning a phone! lots of great convos, philosophies, and modes of existence without cell phone!

lots of interest about, and shoutouts for @cwtch, @delta, and @briar -- e2ee (group) messengers that dont require a phone number (as a replacement for @signalapp)

lots of interest in #U2F, #FIDO2 hardware #2FA devices (as a replacement for SMS or push). i also recommend @keepassxc for keeping TOTP tokens!

really appreciated hearing all the side conversations about @tails, @Mastodon, and other decentralized tech

they are already planning the next one in 2026! anarchistbookfairamsterdam.org @AFA

#anarchistbookfairamsterdam #amsterdam #anarchism #bookfair #anarchistbookfair #activism #netherlands #antifascism

Ważna informacja dla użytkowników kluczy U2F na X (Twitterze) [poradnik]

X (Twitter) ogłosił, że 10 listopada całkowicie przestanie używać starej domeny twitter[.]com. O ile znaczna większość funkcjonalności platformy została bezproblemowo przeniesiona na x[.]com, o tyle jedna – dość istotna – nie daje takiej możliwości. TLDR: Mowa o sprzętowych kluczach U2F (choć precyzyjnie mówiąc, chodzi o urządzenia w standardzie FIDO2), które...

#WBiegu #2Fa #Awareness #Klucze #Twitter #U2f #X

https://sekurak.pl/wazna-informacja-dla-uzytkownikow-kluczy-u2f-na-x-twitterze-poradnik/

The solution that worked:
"security.pam.services.doas = {
u2fAuth = true;
}"
Adding this into your configuration file will ensure that doas uses u2f authentication... I'm dumb :neocat_cry_loud:

#NixOS #linux #LinuxTechTips #U2F #security #yubikey

#doas doesn't seem to support #U2F on #NixOS it's weird and should work but doesn't as /etc/pam.d/doas doesn't contain pam_u2f.so and /etc/pam.d/sudo does contain it..

FYI: I have added "security.pam.services.sudo.u2fAuth = true;" to config and as I see there is no same option for doas and I also tried other hacky ways with no hope.

Passwords are on the way out. Discover how U2F security keys are stopping phishing attacks and winning over tech giants. Could this be the future of online safety?

https://thedefendopsdiaries.com/universal-2nd-factor-u2f-a-new-era-in-online-security/

#u2f
#onlinesecurity
#cybersecurity
#phishingprotection
#authentication

Эволюция одноразовых кодов: от TAN к Passkeys

От TAN-листов и SMS-кодов до Passkeys и FIDO2 — за 20 лет одноразовые коды прошли путь от бумажек до криптографии. Почему TOTP стал стандартом? Чем push-уведомления лучше? И правда ли, что будущее — без паролей? В статье — краткий и наглядный разбор всей эволюции OTP: алгоритмы, уязвимости, UX и рекомендации для современных систем.

https://habr.com/ru/articles/906750/

#totp #passkeys #fido2 #u2f #2fa #pushуведомления

I am making a dirt cheap @yubico Security Key alternative - a #passkey with #FIDO / #U2F / #FIDO2 / #WebAuthn support using $5 Waveshare #RP2350-One and open source Pico Keys: https://picokeys.com

Imagine waking up to find your email, social media, or crypto account hacked. Your money, crypto and private data - gone in seconds.

Sounds like a nightmare? The good news is, there’s an easy way to stop this from ever happening. A simple USB security key makes your accounts unhackable - even if your passwords get leaked.

We explain how it works here: https://auriccrypto.com/articles/guides/the-ultimate-way-to-protect-your-online-accounts-from-hackers/

#Cybersecurity #Crypto #Hacking #Security #U2F #Passwords #ScamAware

I am looking to buy a set of hardware security keys. The #yubikey seems to be the most common and best documented, but the lack of open source and upgradable firmware puts me off. #nitrokey seems like a better option in this regard, but the design is not as nice. I would also very much like a key that combines both USB-A and C. I have now found the #token2 [PIN+ Dual Release3](https://www.token2.com/shop/product/pin-dual-release3-fido2-1-key-with-openpgp-and-otp-and-dual-usb-ports) which fulfills this, but the company is completely unknown to me, and I haven't found much discussion of their products online, which makes me a bit reluctant. They are, however, a member of the FIDO alliance, which is reassuring. The Linux support for their tools also seem to be second-grade. Does anyone have any experience with them?
I intend to use the key for FIDO U2F/FIDO2 authentication, as well as TOTP for the services that do not yet support FIDO. I also want to use it for storing my PGP and SSH private keys.
#U2F #FIDO #FIDO2 #TOTP #hardwaresecuritykey #cybersecurity

I was locked out of my work machine earlier, but it was due to an update of the Yubikey PAM U2F bindings. In case others have the same problem:

https://mwop.net/blog/2025-01-15-pam-yubikey-1.3.1-fix.html

Frankly, this was a horrible rollout of a security fix, as there's no obvious remediation, and many folks may not have the ability to boot with a rescue drive to workaround the issue.

#yubikey #u2f

So, it has been like three months using FIDO/U2F keys instead of passwords. Both in my NetBSD and Arch systems.

I use a "medium" quality password to decrypt the filesystems and other one to decrypt the password manager. And that's it.

No password to log-in, to unlock screen, to run doas/sudo, etc. Just this little penguin and press its button.

Also, I'm using this as 2FA for all websites that support it. Lemmy doesn't. It's the only place where I don't use it, yet.

Because U2F uses the domain name, this is a strong protection against phishing. A similar domain may trick my eyes, but not the key.

I'm very bad at memorizing passwords, and worse at typing them. Unlocking the screen without typing my password like 3 times is a bless.

The problems: if my laptop is decrypted anybody with this penguin is root. It's kinda my Horcrux. Also, I need a second one stored safely as a backup.

So I officially have two horcruxes. Destroy both and I can't log-in anywhere.

#fido #u2f #infosec #NetBSD #arch #keepass #password #horcrux

@aleidk I use the keys for stuff like GitHub, my Fediverse account and a Google account. The important stuff, like banking, access to the ISP and mobile phone provider account don't support them, so: nice, but.

Actually, the expensive #YubiKey Series 5 can also store #OATH #TOTP seeds, which can be useful for a bunch of other accounts: mobile phone brand, Amazon and many more. Note that #TOTP is not #FIDO2 nor #U2F.

Do you use your Flipper Zero as a second factor?

The Flipper Zero can be used as an U2F device (like a Yubikey) to provide a second factor for various online services (e.g. Google, Github). I might want to look into it, and you can help me determining how many people are using it.

#FlipperZero #u2f #webauthn #Passkey

For the last few months, I had a strange issue with my Fedora 40 installation which was driving me mad.

When I had the computer running for some time, I couldn't use more than one browser, because the other couldn't even start or couldn't load websites. It was happening with Firefox and any other chromium based browser. It was unpredictable and nothing conclusive was visible in the logs and strace just showed it was waiting for something I had a hard time identifying.

Then I installed Fedora 41 on a laptop and it started to happen immediately there - not just after some time, immediately!

I took the laptop out from USB-C display to look at it in another room and it stopped.

Then I vaguely remembered I put an U2F key to my screen's usb hub for convenience of use and the issues started some time after that.

Yep. It was the key. When it's connected through the USB hub in my screen, the browsers somehow "battle" for it 🤦‍♀️ It's a normal USB-A U2F key by IDEM. Never heard about such issues, and the key is working normally when connected to the computer directly.

#JustLinuxFun #Linux #U2F #FIDO #Chromium #Firefox #usb

Good news - my #bank started #U2F support on their website.
Bad news - it is possible to add only one key...

Polish services and their #security implementations... :blobfoxannoyed:

#2FA

🇵🇱 Nowy wpis na blogu! / 🇬🇧 New blog post!

Brawo dla PKO BP za U2F ?

#2FA #PKOBP #Santander #U2F #Yubico #YubiKey

Autor: @to3k

https://blog.tomaszdunia.pl/brawo-dla-pko-bp-za-u2f/

@jerryd dlatego zawsze kupuje się dwa takie klucze i robi się z nich dwa bliźniaki, z których jeden masz przy sobie, a drugi w bezpiecznym miejscu jako backup. iPhone nie byłbym dobrym #U2F

CyberPiekło zamarzło! #PKO BP wprowadziło obsługę kluczy #Yubikey! 🤯 #2FA #U2F
Czyżby sektor bankowy w końcu wkraczał w XXI wiek?! Jeszcze niedawno otrzymałem od innego banku komunikat, że hasło do konta nie może być dłuższe niż 16 znaków…

On Friday the 13th don't let your online accounts fall into the wrong hands 🥷🥷

The Tuta Team recommends 👇👇👇

🔐 Protecting your email with end-to-end encryption: https://tuta.com/secure-email

🔑 Using extra login protections like a U2F device: https://tuta.com/blog/why-u2f-is-important

🔐 Keep your passwords safe in a password manager: https://tuta.com/blog/best-password-manager

#Friday13th #Protection #OnlineSafety #TutaMail #U2F #PasswordManager #Encryption