@maexchen1 @scuba_zeus @vowe I fully agree. It has also started to annoy me that every bank I'm with requires an app for login. I mean, why, actually? I don't want a banking app on my phone. If the normal login is insecure, then just offer #Passkeys or support for #yubikey. Those are established, secured standards; not everyone needs to develop their own app that is then required for banking. Fine as an option, but not as a requirement.
@lsanoj Absolutely!
Not to mention: the endless waiting for the email or SMS... Or even worse, when you want to log in temporarily on a device that isn't yours. Good luck typing in the link :D - by then it has already expired.
Email as such is great - provider-independent communication (which goes completely wrong with messaging: iMessage, WhatsApp, Signal, Messenger etc.)
But for a login process? If passwordless, then please do it right, with #Passkeys.
I'm really wondering if syncable passkeys will turn out to be a mistake in the end.
For now it's a big improvement for almost everybody. But I'm wondering if it's only a question of time until the attackers catch up and figure out how to extract them, and then we're back where we started?
I love passkeys, but I'm really wary of storing all my eggs in one basket, yet everyone and their cousin is adding syncable passkey support to their password manager, which makes the UX of keeping things separate really annoying.
And since the introduction of native webauthn support and then passkeys I have lost the ability to use the SEP as a non-syncable storage https://github.com/github/SoftU2F
I really liked how the key material was locked into the SEP and "impossible" to export. But it was accessible with a simple TouchID.
While Apple does a lot of fancy stuff with SKP, it feels like that's so complex it can't be as secure.
Maybe something for @durumcrustulum and #scwpod? The question being: does Apple have some fancy crypto setup which makes extracting the passkeys uneconomical? How about the fact that I can unlock it with my N-digit passcode? Can I extract the key material with that, or only interact with it and get it to sign things for me?
Either way, I guess I won't be able to get rid of my Yubikey for a while still.
Update SARIF upload to use proper branch (#100)
https://github.com/bitwarden/passkeys-index/commit/a878184c23132365f2d2626b04f4f2490fbf334a
Love seeing the European Union embracing #passkeys!
https://trusted-digital-identity.europa.eu/eu-login-help/can-i-use-passkey-eu-login_en
I’ve been on a tear setting up hardware-bound #passkeys on my YubiKeys for services that support true passwordless.
It’s still regrettably rare, but Google, Microsoft, and Yahoo all support it, which does cover most people’s email.
My password manager has never done me wrong but it’s reassuring to know I can get into my most important accounts without it.
Bonus points to Microsoft for letting you completely remove your password from your account. You can’t phish something that doesn’t exist.
Occasionally Google prompts me to create a passkey immediately after I signed in with one. I cancel and move on. No big deal, but it seems quite obtuse. They know I have multiple registered and that I just used one of them. #Fido2 #Passkey #Passkeys #Google #GoogleWorkspace
It seems that the username part of a passkey isn't used for authentication and is purely informational. I can create one, delete the username, and authenticate just fine with it.
LemonLDAP::NG 2.21 is out!
This new release includes improvements on OpenID Connect and CAS protocols, Loki logger, public notifications and much more.
Read our release notes: https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-0-is-out/