At #Authenticate this year, @iamkale, Nishant, and I decided to mix up the usual "Passkeys 101" and cover common misconceptions about #passkeys. Topics around cloud sync, phishing resistance, workforce usage, and concerns about vendor lock-in.
Trying to fix my parents-in-law's Apple stuff. They cannot access the appstore on their #iphone (running under an appleID), to get an app, because the #appstore app wants an appleID / #apple account #password - which they no longer know. They can log into their #macbook as a user (same appleID) with their mac_book_user_password
Do I understand it correctly:
they can choose a new #appleid #appleaccount password (to access the appstore etc.) using the mac_book_user_password to #authenticate ?
📢 Reminder: Rate limits have been introduced for excessive API queries from unauthenticated users to keep the platforms running smoothly for everyone.
If you experience issues, #Authenticate – it’s quick, easy to do, and helps ensure the platforms are stable for all.
### #Cloudflare open sources #OPKSSH to bring Single Sign-On #SSO to #SSH
This week, it was officially open-sourced under the umbrella of the #OpenPubkey project. While OpenPubkey itself became a #Linux Foundation open-source initiative in 2023, OPKSSH remained closed-source until now. It makes it easy to #authenticate to #servers over SSH using #OpenID Connect (#OIDC), allowing developers to ditch manually configured SSH keys in favor of identity provider-based access.
If you're trying to get away from the American #Google and #Microsoft #Authenticate apps for #2FA authentication, what would be the recommendation? #FLOSS preferred. #atkjuttuja
Make sure you're authenticated to awaken new features and 🕵️‍♂️ hunting capabilities within our platforms. Will you authenticate and embrace the power? 🧑‍💻⚡
Remember: The time has come to limit query volumes for unauthenticated users that query the platforms excessively. Let’s keep them running smoothly for everyone 🟢 - there's no need to hammer the platforms, even if you are authenticated!
→ Pairwise Authentication of Humans
https://www.schneier.com/blog/archives/2025/02/pairwise-authentication-of-humans.html
“Here’s an easy system for two humans to remotely authenticate to each other, so they can be [more confident] that neither are digital impersonations.”
PeerAuth → https://ksze.github.io/PeerAuth/
How To Generate A SSH Public And Private Key Pair Using PuTTYgen To Connect To Your VPS https://youtu.be/4DbtuYBLCbk #Websplaining #PuTTYgen #PuTTY #SSH #SshKey #SshKeyPair #Authentication #Auth #Authenticate #VPS #VirtualPrivateServer #VPS #Cloud #CloudServer #Server #GpuServer #GPU #GenerateSshKeyPair
thanks for the reply! far from being discouraged, i appreciate your engagement. i will try to be reasonably brief in my response to your points and give a general update on progress and objective.
> scout out existing solutions
i have seen similar #webapp implementations, i think so far for "that kind" of chat app, the chat app is able to demonstrate similar basic functionality. for a wider adoption, the user interface needs to be more appealing, but i think it's important to have a working proof-of-concept first. the project is specifically aiming to be a #javascript #localFirst #webapp.
a couple of notable similar implementations to mine are:
- https://github.com/cryptocat/cryptocat
- https://github.com/jeremyckahn/chitchatter
(im sure there are many more, but i think my approach is yet different and unique to the ones i've come across.)
> DO NOT DIY ENCRYPTION!
this is indeed a recommended practice i have seen several times. here is a previous reddit post on the matter: https://www.reddit.com/r/cryptography/comments/1cint8h/what_are_your_thoughts_on_subtlecrypto_vs_wasm ... tldr; the underlying implementation provided by the browser is the best way to go. i have implemented the #encryption using the #webcrypto #api. i aim to not use a library for this.
i generally try to word things in a way that users can provide feedback on features. the app is still in a very early stage, but has a reasonable amount of features. im generally open to requests and questions.
> minimum viable product
what you see as the chat app is also the #minimum #viable #product. i think it sufficiently demonstrates the basic functionality of a chat app. i think the next step is to make the app more stable and user friendly.
those other apps you've mentioned i've come across before. what sets my approach apart is that mine is purely a webapp. with what i'd like to describe as #p2p #authentication over #webrtc, i'm able to remove reliance on a backend for #authenticate #data #connections. in some cases, bypass the internet (wifi/hotspot). while there are several ways to #selfhost, in this approach of a #javascript implementation, i'm able to store large amounts of data in the browser so things like images and #encryptionKeys can be "#selfhosted" in the browser. while this form has nuanced limitations, it also has interesting implications to security and privacy.
there are many nice features from the different apps you mentioned and i think i have some unique features too. the bottleneck in this project is that i don't put in enough time to the app.
> feel free to slowly integrate them.
this is basically already my approach to get the app to where it is now.
thanks for the luck, take care and i hope you stay tuned for updates.
If anyone is at Authenticate and spots some unusual models or colors of security keys not shown here, or stickers or other ephemera... photos or samples appreciated! :D
»#Threads says it will make its #API broadly available by June: The API currently allows users to #authenticate, #publish threads and #fetch the content they post through these tools.« https://techcrunch.com/2024/03/01/threads-says-it-will-make-its-api-broadly-available-by-june/?eicker.news #tech #media
If you're using #1Password and you haven't tried their #CLI utility yet, do it!
I've started using it to feed my #Ansible playbooks with necessary secrets, and the simplicity of it just makes me happy. (Also my inner 12-year-old thinks it's really cool to #authenticate biometrically when running a #shell #script.)
https://oxcrag.net/blog/2024/01/10/Ansible-Secrets-Management-With-1Password.html
Recently several #Canadian organizations have asserted to me that typing my name into a web form constitutes a "Digital Signature". Are they just making shit up, or is there any #legal validity to this idea? I guess it's similar to clicking an "I agree" button. In the first case I was authenticated to my university's sketchy web #SSO (they all seem sketchy to me). The second case was even more dubious, as I was renewing my driver's license, and all of the information used to #authenticate is on the license card.
If you use #biometric means for #commercial purposes, not just a way for your employees to #authenticate to company devices/facilities, the #FTC is putting you on notice. Only 3 states (as of today) have #Biometric #Privacy #Laws in place - more than a dozen are working on #legislation now. The #ADPPA will have provisions for Biometric Privacy with regards to commercial use, but that's probably 12-18 months out (at least) from becoming a law. Check this article out. #Illinois isn't playing around: https://www.scmagazine.com/news/identity-and-access/ftc-to-crack-down-on-biometric-tec[…]GxNNIwwXOzak6aUeaAfVN26zQDToKa3VkfI6YAs3wvdfv-Woge99JpOxqlA
#PrivacyLaws #CyberSecurity #ThreatIntelligence #WatchYourAsses #BreachNotificationRule
Is there an easy way to #authenticate #linux with #azureMFA via #azuread?
I know there's the "authenticate yourself via your website" thing but I want to see photos of people balancing sticks of rhubarb on their head while clutching a fish slice with a copy of today's newspaper hanging off it to prove who they are like in the good old days!
@wolf480pl deep fakes will always be detectable by amateur investigators using OSINT and FOSS forensics tools. So liars and cheats will quickly lose influence as happened to Putin's propaganda machine at the start of the Ukraine war. And physical cameras will use #steganography to #authenticate and watermark real images with serial number and date/time if #deepfakes become undetectable. #AI hasn't broken encryption... yet.