Benutzerhinweis: die Deutsche Bahn unterstützt ab sofort #Passkeys
als Anmeldemethode für Webseite und App.

Soeben mit einem #Yubikey 5 und dem Dienst-iPhone getestet, es funktioniert einwandfrei.

https://www.bahn.de/faq/pk/service/kundenkonto/passkeys

#dbag #fido2

The Camera Connection Kit is such an underrated accessory on older devices which still uses lighting.
As suggested by the name it allows you to connect your cameras to transfer picture but it supports many other USB devices such as USB mass storage devices, USB keyboards and even #YubiKey authentication tokens.

Spent the last week diving deep into E2EE and encryption. Decided to do it right: generated a fresh GPG key on my own hardware using Vanity GPG.

Managed to "mine" 10 trailing zeros for the fingerprint in just 5 minutes on the M4 Max—the performance is wild.

Chose ECC (Curve25519/Ed25519) for that perfect balance of speed and high security. Moved the private key to my YubiKey, and now signing GitHub/GitLab commits is just a single tap away.

My brain loves manual protocols, and there’s something deeply satisfying about hardware-backed trust. I know, I'm late to the party, but it feels good to finally have that "Verified" badge.

#GPG #Cryptography #YubiKey #Infosec #M4Max #OpenSource #Privacy #Ed25519 #CyberSecurity #Mastodon #Fediverse

Ever tried to unlock the screen of GNU/Linux, with a YubiKey USB, in KDE, password-less?

Maybe because you are in front of a wide audience and you cannot type a passphrase in front of cameras / eyes?

Here guide! You're welcome!
→ https://superuser.com/a/1934175/390314

(P.S. link will be deleted in 3... 2... lol)

#YubiKey #KDE

@rjayasinghe an diesem Thema bin ich auch gerade dran. Im Vorfeld habe ich mir allerdings noch zwei #Yubikey bestellt.

Yubikey is an absolute treat. Newly installed everything on my pop os cosmic laptop and I signed in to everything with a yubikey. No hassle of passwords much. What a seamless experience!

#yubikey #linux

To contrast Paypal with Cloudflare, this is how you do it correctly.

I was able to enroll all three of my hardware keys ( @nitrokey , @yubico , and Token2) without issue. No one key limits and no being forced into software backups.

When a platform actually respects FIDO2 as a standard, you can have true hardware redundancy.

Of course, I will mention all of this in my upcoming security key series.

#CyberSecurity #FIDO2 #Nitrokey #YubiKey #Token2 #Hardening #TerminalTilt #Cloudflare #Privacy #Security

Today's nerd activity: my new YubiKeys have arrived in the mail, so I'm conducting a risk assessment of my most frequently used online accounts, adding the hardware keys, and for the most critical accounts, planning to replace the TOTP codes in my password manager with hardware TOTP.
#security #passkeys #yubikey

Der #Yubikey Support bei #Mailbox_org soll "irgendwann" wieder kommen. Bis dahin kann man #TOTP nutzen, ich denke das kann man gelten lassen. Im gegensatz zu #Proton gibt es dort auch kein Problem mit Kontakten und Kalender, das freut die Familie. 😀

Today I thought, what if I take the nix flake I use to manage my dotfiles and machine setup, and just make an ISO out of it, and then flash it onto a USB stick. I can now basically plug in my "full setup" in any computer I happen to find anywhere.

My SSH, AGE and GPG keys are on my Yubikey. I literally bring up a pinentry dialogue as soon as desktop-session starts (Hyprland), which uses my Yubikey to decrypt secrets, and connect to my Tailnet using an Auth Key.

#Nix #NixOS #Yubikey #GPG

Set up GPG signing keys, SSH keys, AGE keys on my new YubiKeys. Really really nice process. 9/10 would recommend.

#Yubikey #Cybersecurity #infosec

Vettem egy YubiKeyt 😄 Egyelőre csak a jelszókezelőhöz van bekötve, de kíváncsi vagyok, ti mire használjátok még. Tippek jöhetnek! #yubikey #security

I am raising $50 to pick up a pair of open-source security keys (SoloKeys or Nitrokey). I'd love to do a review or series about these!

The Mission: Kill off SMS based 2FA and move to hardware backed FIDO2 for my desktop and Proxmox logins. It is time to move my security away from a SIM card and into my own hands.

Testing Password Managers: Moving on from KeePassXC + Syncthing (it has served me well but can be fickle) to try out Proton Pass, which also supports hardware keys. I also had good experiences from Bitwarden and VaultWarden.

Which do you prefer for Linux? :gnu: :tux:

I would greatly appreciate any support of the goal here: https://ko-fi.com/terminaltilt/goal?g=0

I also have a LibrePay (which is much more privacy respecting) here: https://liberapay.com/terminaltilt/donate

#Security #Privacy #GNULinux #GNU #Linux #SoloKeys #NitroKeys #YubiKey #Yubico #2FA #ProtonPass #KeePassXC #Syncthing #SelfHosting #Homelab #Bitwarden #Vaultwarden #MutualAid #MutualAidRequest #QueerMutualAid #DisabledMutualAid #DisabilityMutualAid #QueerAid #QueerTech #DisabledCreator

Signal creator Moxie Marlinspike wants to do for AI what he did for messaging.

https://arstechnica.com/security/2026/01/signal-creator-moxie-marlinspike-wants-to-do-for-ai-what-he-did-for-messaging/

The idea might sound nice, but there are caveats.

First of all, PassKeys? This screenshot is what I see on my Firefox 146.0.1 on Linux. Hopefully I can use a FIDO2 token like a YubiKey instead? I will test it later.

Second, the whole security seems to rely on TEEs, which are notorious for... well...

https://en.wikipedia.org/wiki/Software_Guard_Extensions#List_of_SGX_vulnerabilities

I'll be honest, I'm not sure AI assistants can ever be made really private, save for self-hosting open source models. But still, much much better than the current Gemini, ChatGPT, etc. Like Signal was not the perfect solution for IM but moved the world toward a better state overall, I wish @moxie all the best with Confer.to because it would be good for all of us.

#ai #llm #signal #confer #yubikey #passkeys #linux #privacy #security

Pitfalls:

1. When passing -O verify-required to ssh-keygen, you have to disable SSH authentication agent, e.g., using IdentityAgent none in your SSH config. This is a known bug.
2. If you are using custom key files (without id_ prefix), you need to explicitly define path to key file, e.g. using IdentityFile in the config.

#ssh #yubikey #fido2

Oh wie schön, die Deutsche Telekom #dtag bietet beim Login gleich das Hinzufügen eines #Passkey an.

Leider ist mein Gerät nicht für Passkeys geeignet, ich kann also weder einen #Yubikey, #Token2 oder #Thetis via #Firefox oder #Chrome ausrollen.

Da muss man sich in der Implementierung schon richtig Mühe geben, um Hardware-Passkeys auszuschließen.

#Passfail

Really a good video about #passkey
https://youtu.be/xYfiOnufBSk

I'm very happy to have working usb-c #yubikey with my #mobilelinux
It gives more confidence when need to deal with not mature ecosystem.

@stairjoke For #Yubikey you can use their Authenticator app, it allows changing the PIN code for passkeys https://www.yubico.com/products/yubico-authenticator/

When setting up a new hardware key, this feels very insecure. I’m entering the new PIN for it into my browser of all things… What is the recommended way to set a PIN on a #YubiKey and #Token2 using a Mac or Linux machine?

I need your wisdom:

SSH keys on Yubikey:

• Discoverable/Resident, or
• Non-Discoverable/Non-Resident

I really appreciate it, if you could also explain the rationale behind your choice.

Thanks.

#yubikey #ssh #fido2