I switched my main SSH keys to be stored on my Yubikeys. It’s going to be interesting if this is a viable approach or not. It’s a shame there’s no PIN caching mechanism with FIDO2.
@martinsteiger
But that's not due to #mTAN per se, but rather to the application/company that uses mTAN.
With #FIDO2 keys too, the processes for how to obtain emergency keys (in good time, i.e. before the key is lost or fails) or how to afterwards, in the absence of emergency keys, securely trigger a #2FA reset do not depend on the key
📢 Recommendation to extend the FIDO2 standard in the banking sector
📝 The article published by the Swiss Bankers Association (SwissBanki...
📖 cyberveille : https://cyberveille.ch/posts/2025-06-12-recommandation-pour-etendre-la-norme-fido2-dans-le-secteur-bancaire/
🌐 source : https://www.swissbanking.ch/fr/medias-politique/actualites/modification-de-la-norme-fido2-renforcer-la-securite-numerique-pour-les-banques-suisses-et-leurs-clients
#FIDO2 #authentification #Cyberveille
🍋 LemonLDAP::NG 2.21 is out!
🔗 Read our release notes: https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-1-is-out/
#IAM #SSO #CAS #SAML #OpenIDConnect #OW2 #lemonldap #lemonldapng #Passkeys #Passwordless #WebAuthn #FIDO2 #WebSSO #OpenSource #FreeSoftware #LogicielLibre #Perl
Going abroad this week so prepared by finishing a LUKS setup I should have done eons ago: https://juuso.dev/blogPosts/fido2-luks/multi-token-fido2-luks.html #fido2 #linux
Weekly output: Zipline drones, fixed wireless broadband, AI transformations, Dashlane, AI fairness, FCC resignations, AI resiliency, National Capital Radio & Television Museum
My third week in a row of business travel had me in Santa Clara, Calif., from Tuesday through Friday–at a venue I’d last set foot in at the Demo conference in 2013.
6/3/2025: Inside Zipline’s high-tech drone factory where delivery innovation takes flight, Fast Company
My decision to book an early-afternoon flight from SFO to National at the end of my Google I/O trip last month paid off when I used that time to visit the drone-delivery startup Zipline’s factory in South San Francisco. I followed up that visit by quizzing an executive from the firm a week later.
6/3/2025: Fiber Is Fast, But 5G Home Internet Is More Appealing for One Reason, PCMag
I didn’t want to write up this J.D. Power customer-satisfaction survey without getting some answers about the weirdly-high scores for old, slow digital-subscriber-line services.
6/4/2025: Transforming Industries with AI & Big Data—Success Stories from the Frontlines, TechEx North America
The first of three panels I did at this conference at the Santa Clara Convention Center (with the organizers covering my lodging and reimbursing my airfare) reunited me with a fellow panelist from 2021: Lufthansa Industry Solutions’ Stanislaw Schmal, who was on a panel I did at my first post-pandemic conference trip in September of 2021. It was a treat to have Stan on stage again, and he and my other panelists–Oracle’s Shasank Chavan, Ford Credit’s Manav Khatri, Airbnb’s Dror Engel, and Deepgram’s Kris Efland–made my panel-moderation work easy.
6/5/2025: This Password Manager Now Lets You Create an Account Without a Password, PCMag
Dashlane gave me an embargoed copy of their announcement of their new option to let people create accounts secured only by USB security keys, but that left me a little fuzzy about how exactly this would differ from that password-manager service’s existing support for passwordless authentication–and my editor was fine with holding the post until I could get those details cleared up.
6/5/2025: AI Fairness and Bias Mitigation—Advanced Approaches, TechEx North America
My second panel had me quizzing JPMorgan Chase’s Naresh Dulam, Aon’s Aras “Russ” Memisyazici, and PwC’s Ilana Golbin Blumenfeld about how to avoid having AI systems amplify human biases.
6/5/2025: Who’s Running the FCC? Surprise Resignation Reduces the Agency to a Duo, PCMag
I’ve been writing about the Federal Communications Commission for well over two decades, probably closer to three, and I can’t remember a commissioner announcing a resignation on a Wednesday effective on Friday of the same week. Also unprecedented: having this five-member commission reduced to two people.
6/5/2025: Building Resilient AI Infrastructure, TechEx North America
My last panel at TechEx was a late addition when another moderator dropped out; when an event paying your travel asks for you to pitch in, it’s a good idea to be a team player. My teammates on this panel: Ford Motor Company’s Robert Gray, Oracle’s Iman Zadeh, Red Hat’s Mark Kurtz and InfoVia’s Mike Magalsky.
6/6/2025: Spotify Takes Flight on United Airlines: Here’s What You Get, PCMag
When I got to try this on my flight from San Jose to Houston Friday, I realized that United’s implementation of Spotify did not include the ability to listen to the airline’s longtime theme song, “Rhapsody in Blue”–which made the lede I’d written incorrect. Instead of just rewriting that, I opted to take notes on the experience over that three-plus hour flight and rewrite the entire post.
6/7/2025: This Little Museum Outside DC Offers a Deep Dive Into Retro Radio and TV Tech, PCMag
My friend and longtime CES fellow traveler Gary Arlen suggested that I visit the National Capital Radio & Television Museum in Bowie, Md., where he’s a docent, and I took him up on that advice in February. Then I didn’t write the post until March, after which my client needed a little longer to get the story edited and published.
#AI #artificialIntelligence #conference #Dashlane #droneDelivery #DSL #FCC #FIDO2 #fixedWireless #JDPower #NationalCapitalRadioTelevisionMuseum #passwordManager #SantaClara #Spotify #techHistory #TechExNorthAmerica #UA #UnitedAirlines #vacuumTubes #vintage #Zipline
Saving for later: Unlock LUKS volume with a YubiKey
https://www.guyrutenberg.com/2022/02/17/unlock-luks-volume-with-a-yubikey/
Use the dracut config from Wouter in the comments. If you set no PIN on the YubiKey, you can boot without a keyboard. You can use the same YubiKey for multiple machines.
I have wanted to use my Yubikeys for a secure SSH login for some time now. But like @jgoerzen, I have come across many incorrect, poorly explained and inadequately explained instructions. It looks like John has now written the ultimate guide for #SSH with #FIDO2/U2F hardware keys that beats all other guides I know of.
https://www.complete.org/easily-using-ssh-with-fido2-u2f-hardware-security-keys/
Anyone familiar with #FIDO2 / #Passkeys could you please #help me here?
According to Yubico docs on Passkey, the client/client device uses #CTAP2 to communicate with platform authenticators. This sounds a bit strange to me, aren't there internal APIs on the platform that are called here? Isn't CTAP2 exclusive to #roaming authenticators?
#Google #Password Manager for #Android will automatically upgrade your passwords to #FIDO2 #passkeys
Already seen on Google Play Services beta (25.19.31)
The upgrades use the #WebAuthn conditional registration extension, which has to be supported by the relying party
https://www.androidpolice.com/google-may-auto-convert-passwords-to-passkeys-on-android/
Very happy to finally be able to use my yubikeys on my phone (GrapheneOS, without Play services) 🤗
Most of the pieces were already there; they only needed to be assembled into a Credential Provider, which is finally done with HW Fido2 Provider
The evolution of one-time codes: from TAN to Passkeys
From TAN lists and SMS codes to Passkeys and FIDO2: in 20 years one-time codes have gone from slips of paper to cryptography. Why did TOTP become the standard? What makes push notifications better? And is it true that the future is passwordless? The article offers a short, clear rundown of the whole evolution of OTP: algorithms, vulnerabilities, UX and recommendations for modern systems.
#Microsoft roll out #passkeys by default but ... require you to install a Microsoft app on your phone to use it.
Requiring a proprietary app makes a mockery of the open #fido2 standard and if they haven't used this as another tracking opportunity I'll eat my hat.
At every turn Microsoft finds a way to lock down their users (I'd use "customers" but users are more like cattle to big tech rather than people who choose to give their custom)
Ditch the lot! #openSource alternatives exist.