MastodonTech.de

TechnoTenshi :verified_trans: :Fire_Lesbian:Typage 0.2.3 adds support for encrypting files with passkeys via WebAuthn PRF, enabling phishing-resistant, hardware-bound symmetric encryption in browser and CLI with age-plugin-fido2prf.Thanks <a href="https://abyssdomain.expert/@filippo" class="u-url mention" rel="nofollow noopener" target="_blank">@filippo</a> <a href="https://words.filippo.io/passkey-encryption/" rel="nofollow noopener" translate="no" target="_blank">https://words.filippo.io/passkey-encryption/</a><a href="https://infosec.exchange/tags/WebAuthn" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebAuthn</a> <a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#Passkeys</a> <a href="https://infosec.exchange/tags/Encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#Encryption</a> <a href="https://infosec.exchange/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#FIDO2</a>

apfeltalk :verified:Wie funktionieren Passkeys: Der vollständige Leitfaden für deine passwortlose Zukunft Die Verwaltung von Passwörtern bleibt eine der größten Herausforderungen im Bereich IT-Sicherheit. Viele Unternehmen und Nutzer <a href="https://www.apfeltalk.de/magazin/news/wie-funktionieren-passkeys-der-vollstaendige-leitfaden-fuer-deine-passwortlose-zukunft/" rel="nofollow noopener" target="_blank">https://www.apfeltalk.de/magazin/news/wie-funktionieren-passkeys-der-vollstaendige-leitfaden-fuer-deine-passwortlose-zukunft/</a> <a href="https://creators.social/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a> <a href="https://creators.social/tags/Authenticator" class="mention hashtag" rel="nofollow noopener" target="_blank">#Authenticator</a> <a href="https://creators.social/tags/Authentifizierung" class="mention hashtag" rel="nofollow noopener" target="_blank">#Authentifizierung</a> <a href="https://creators.social/tags/Datenschutz" class="mention hashtag" rel="nofollow noopener" target="_blank">#Datenschutz</a> <a href="https://creators.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#FIDO2</a> <a href="https://creators.social/tags/ITSicherheit" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITSicherheit</a> <a href="https://creators.social/tags/Passkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#Passkey</a> <a href="https://creators.social/tags/Passwortlos" class="mention hashtag" rel="nofollow noopener" target="_blank">#Passwortlos</a> <a href="https://creators.social/tags/PublicKeyKryptographie" class="mention hashtag" rel="nofollow noopener" target="_blank">#PublicKeyKryptographie</a> <a href="https://creators.social/tags/Sicherheitsschlssel" class="mention hashtag" rel="nofollow noopener" target="_blank">#Sicherheitsschlssel</a> <a href="https://creators.social/tags/WebAuthn" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebAuthn</a>

HexThe FIDO2 Level 2 certification should mean, that you can use your Nitrokey 3 with ID Austria.<a href="https://www.nitrokey.com/news/2025/nlnet-foundation-supports-nitrokey-3-storage-and-fido2-level-2-certification" rel="nofollow noopener" translate="no" target="_blank">https://www.nitrokey.com/news/2025/nlnet-foundation-supports-nitrokey-3-storage-and-fido2-level-2-certification</a><a href="https://www.id-austria.gv.at/de/hilfe/hilfe-zu-ida/authentifizierungsfaktoren#header-welche_fido_sicherheitsschlussel_sind_mit_id_austria_kompatibel_und_wo_sind_sie_erhaltlich-qbvpmo" rel="nofollow noopener" translate="no" target="_blank">https://www.id-austria.gv.at/de/hilfe/hilfe-zu-ida/authentifizierungsfaktoren#header-welche_fido_sicherheitsschlussel_sind_mit_id_austria_kompatibel_und_wo_sind_sie_erhaltlich-qbvpmo</a> (german only)<a href="https://chaos.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#FIDO2</a> <a href="https://chaos.social/tags/WebAuthn" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebAuthn</a> <a href="https://chaos.social/tags/IDAustria" class="mention hashtag" rel="nofollow noopener" target="_blank">#IDAustria</a> <a href="https://chaos.social/tags/Nitrokey" class="mention hashtag" rel="nofollow noopener" target="_blank">#Nitrokey</a>

Sass, DavidHey <a href="https://infosec.exchange/@merill" class="u-url mention" rel="nofollow noopener" target="_blank">@merill</a>, as I was chatting last week with <a href="https://infosec.exchange/@awakecoding" class="u-url mention" rel="nofollow noopener" target="_blank">@awakecoding</a> at <a href="https://infosec.exchange/tags/PSConfEU" class="mention hashtag" rel="nofollow noopener" target="_blank">#PSConfEU</a> he suggested to ask you about MacOS and RDP...Is is possible to RDP from MacOS over to an <a href="https://infosec.exchange/tags/Entra" class="mention hashtag" rel="nofollow noopener" target="_blank">#Entra</a> Joined Windows11 machine using <a href="https://infosec.exchange/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#FIDO2</a> credentials? On <a href="https://infosec.exchange/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a> I need this <code>Use a web account to sign in</code> check box and all kinds of other things like DNS record pointing to the host name. Is this even remotely possible from <a href="https://infosec.exchange/tags/MacOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#MacOS</a> over local network? Thanks!

JonatanWith USB/IP, I can now use my YubiKey remotely via SSH in the same way as I was sitting in front of my machine. Both in early boot stage (initrd); unlocking LUKS encrypted filesystem, and in booted system stage; signing git commits and authenticate to GitHub. Great! But what about using FIDO2/WebAuthn via RDP to log in to web services? USB redirection is not supported for xrdp. Is there any workarounds coming up to for example redirect WebAuthn from one machine to another?<a href="https://defcon.social/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#yubikey</a> <a href="https://defcon.social/tags/fido2" class="mention hashtag" rel="nofollow noopener" target="_blank">#fido2</a> <a href="https://defcon.social/tags/usbip" class="mention hashtag" rel="nofollow noopener" target="_blank">#usbip</a> <a href="https://defcon.social/tags/rdp" class="mention hashtag" rel="nofollow noopener" target="_blank">#rdp</a> <a href="https://defcon.social/tags/nixos" class="mention hashtag" rel="nofollow noopener" target="_blank">#nixos</a> <a href="https://defcon.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a>

Karl Voit :emacs: :orgmode:<a href="https://social.bund.de/@bsi" class="u-url mention" rel="nofollow noopener" target="_blank">@bsi</a> Sorry, starke Passwörter mit 2FA oder <a href="https://graz.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#Passkeys</a> helfen leider nicht prinzipiell gegen Phishing.Gerade bei der Methode mittels Smartphones kann man seine Passkey-Geheimnisse in die Cloud als auch zu anderen Personen transferieren. Das ist der Knackpunkt. In Zukunft zielt <a href="https://graz.social/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> dann halt auf die Übermittlung der Geheimnisse zum Angreifer ab. <a href="https://arxiv.org/abs/2501.07380" rel="nofollow noopener" translate="no" target="_blank">https://arxiv.org/abs/2501.07380</a> "Another concern could be social engineering, where a user is tricked into sharing a passkey with an account controlled by an attacker." -> Schutz nur bei ausschließlich "device-bound passkeys" in der "roaming-authenticator"-Variante = Hardware <a href="https://graz.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#FIDO2</a> Tokens. Die sind aktuell det einzige Schutz gegen Phishing.Aber alles ist besser als kein <a href="https://graz.social/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#2FA</a>.

TechnoTenshi :verified_trans: :Fire_Lesbian:Researcher demonstrates a software-only attack on WebAuthn by forging passkey signatures via Chrome's DevTools protocol. PoC bypasses security prompts, automates login, and exposes weak RP validation.<a href="https://www.nullpt.rs/forging-passkeys" rel="nofollow noopener" translate="no" target="_blank">https://www.nullpt.rs/forging-passkeys</a><a href="https://infosec.exchange/tags/WebAuthn" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebAuthn</a> <a href="https://infosec.exchange/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#FIDO2</a> <a href="https://infosec.exchange/tags/BrowserSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#BrowserSecurity</a> <a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#Passkeys</a>

Sebastian LauwersI switched my main SSH keys to be stored on my Yubikeys. It’s going to be interesting if this is a viable approach or not. It’s a shame there’s no PIN caching mechanism with FIDO2.<a href="https://mastodon.online/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://mastodon.online/tags/fido" class="mention hashtag" rel="nofollow noopener" target="_blank">#fido</a> <a href="https://mastodon.online/tags/fido2" class="mention hashtag" rel="nofollow noopener" target="_blank">#fido2</a> <a href="https://mastodon.online/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a>

🧿🪬🍄🌈🎮💻🚲🥓🎃💀🏴🛻🇺🇸<a href="https://mastodon.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#Passkeys</a> are for people who only use one device to access the Internet, or multiple devices that are all made by AAPL/GOOG.If you use Firefox on Ubuntu, Edge on Windows, Safari on Mac OS, and Chrome on ChromeOS you will have a bad time.<a href="https://mastodon.social/tags/webauthn" class="mention hashtag" rel="nofollow noopener" target="_blank">#webauthn</a> <a href="https://mastodon.social/tags/fido2" class="mention hashtag" rel="nofollow noopener" target="_blank">#fido2</a> <a href="https://mastodon.social/tags/passkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#passkey</a> <a href="https://mastodon.social/tags/auth" class="mention hashtag" rel="nofollow noopener" target="_blank">#auth</a> <a href="https://mastodon.social/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#authentication</a>

🧿🪬🍄🌈🎮💻🚲🥓🎃💀🏴🛻🇺🇸Explain <a href="https://mastodon.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#passkeys</a> to me like I'm your grandparents.<a href="https://mastodon.social/tags/2fa" class="mention hashtag" rel="nofollow noopener" target="_blank">#2fa</a> <a href="https://mastodon.social/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#authentication</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://mastodon.social/tags/fido" class="mention hashtag" rel="nofollow noopener" target="_blank">#fido</a> <a href="https://mastodon.social/tags/webauthn" class="mention hashtag" rel="nofollow noopener" target="_blank">#webauthn</a> <a href="https://mastodon.social/tags/fido2" class="mention hashtag" rel="nofollow noopener" target="_blank">#fido2</a> <a href="https://mastodon.social/tags/otp" class="mention hashtag" rel="nofollow noopener" target="_blank">#otp</a> <a href="https://mastodon.social/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#yubikey</a> <a href="https://mastodon.social/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#password</a> <a href="https://mastodon.social/tags/auth" class="mention hashtag" rel="nofollow noopener" target="_blank">#auth</a>

JRTOk with <a href="https://infosec.exchange/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#passkeys</a> booking.com went from one of the worst to a mediocre login experience. It would be wonderful if there was a setting to skip <a href="https://infosec.exchange/tags/TOTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#TOTP</a>, when signing in with a resident key.<a href="https://infosec.exchange/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#FIDO2</a>

Rafael KassnerSaving for later: Unlock LUKS volume with a YubiKey<a href="https://www.guyrutenberg.com/2022/02/17/unlock-luks-volume-with-a-yubikey/" rel="nofollow noopener" translate="no" target="_blank">https://www.guyrutenberg.com/2022/02/17/unlock-luks-volume-with-a-yubikey/</a>Use the dracut config from Wouter in the comments. If you set no PIN on the YubiKey, you can boot without a keyboard. You can use the same YubiKey for multiple machines.<a href="https://phpc.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a> <a href="https://phpc.social/tags/luks" class="mention hashtag" rel="nofollow noopener" target="_blank">#luks</a> <a href="https://phpc.social/tags/fido2" class="mention hashtag" rel="nofollow noopener" target="_blank">#fido2</a>

Sönke Schwardt-KrummrichI have wanted to use my Yubikeys for a secure SSH login for some time now. But like <a href="https://floss.social/@jgoerzen" class="u-url mention" rel="nofollow noopener" target="_blank">@jgoerzen</a>, I have come across many incorrect, poorly explained and inadequately explained instructions. It looks like John has now written the ultimate guide for <a href="https://univention.social/tags/SSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSH</a> with <a href="https://univention.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#FIDO2</a>/U2F hardware keys that beats all other guides I know of.<a href="https://www.complete.org/easily-using-ssh-with-fido2-u2f-hardware-security-keys/" rel="nofollow noopener" translate="no" target="_blank">https://www.complete.org/easily-using-ssh-with-fido2-u2f-hardware-security-keys/</a>

:hacker_p: :hacker_f: :hacker_t:Anyone familiar with <a href="https://infosec.exchange/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#FIDO2</a> / <a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#Passkeys</a> could you please <a href="https://infosec.exchange/tags/help" class="mention hashtag" rel="nofollow noopener" target="_blank">#help</a> me here?Accoding to Yubico docs on Passkey, the client/client device uses <a href="https://infosec.exchange/tags/CTAP2" class="mention hashtag" rel="nofollow noopener" target="_blank">#CTAP2</a> to communicate with platform authenticators. This sounds a bit strange to me, aren't there internal APIs on the platform that are called here? Isn't CTAP2 exclusive to <a href="https://infosec.exchange/tags/roaming" class="mention hashtag" rel="nofollow noopener" target="_blank">#roaming</a> authenticators?<a href="https://infosec.exchange/tags/advice" class="mention hashtag" rel="nofollow noopener" target="_blank">#advice</a> <a href="https://infosec.exchange/tags/thaks" class="mention hashtag" rel="nofollow noopener" target="_blank">#thaks</a> <a href="https://developers.yubico.com/Developer_Program/WebAuthn_Starter_Kit/Platform_and_Roaming_Authenticators.html" rel="nofollow noopener" translate="no" target="_blank">https://developers.yubico.com/Developer_Program/WebAuthn_Starter_Kit/Platform_and_Roaming_Authenticators.html</a>

0xKaishakunin<a href="https://mastodon.social/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> <a href="https://mastodon.social/tags/Password" class="mention hashtag" rel="nofollow noopener" target="_blank">#Password</a> Manager for <a href="https://mastodon.social/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#Android</a> will automatically upgrade your passwords to <a href="https://mastodon.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#FIDO2</a> <a href="https://mastodon.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#passkeys</a> Already seen on Google Play Services beta (25.19.31)The upgrades use the <a href="https://mastodon.social/tags/WebAuthn" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebAuthn</a> conditional registration extension, which has to be supported by the relying party<a href="https://www.androidpolice.com/google-may-auto-convert-passwords-to-passkeys-on-android/" rel="nofollow noopener" translate="no" target="_blank">https://www.androidpolice.com/google-may-auto-convert-passwords-to-passkeys-on-android/</a>

artfulrobot<a href="https://floss.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> role out <a href="https://floss.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#passkeys</a> by default but ... require you to install a Microsoft app on your phone to use it.Requiring a proprietary app makes a mockery of the open <a href="https://floss.social/tags/fido2" class="mention hashtag" rel="nofollow noopener" target="_blank">#fido2</a> standard and if they haven't used this as another tracking opportunity I'll eat my hat.At every turn Microsoft finds a way to lock down their users (I'd use "customers" but users are more like cattle to big tech rather than people who choose to give their custom)Ditch the lot! <a href="https://floss.social/tags/openSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSource</a> alternatives exist.

🔘 G◍M◍◍T 🔘💡 Microsoft: nuovi account senza password e con passkey di default<a href="https://gomoot.com/microsoft-nuovi-account-senza-password-e-con-passkey-di-default/" rel="nofollow noopener" translate="no" target="_blank">https://gomoot.com/microsoft-nuovi-account-senza-password-e-con-passkey-di-default/</a><a href="https://mastodon.uno/tags/blog" class="mention hashtag" rel="nofollow noopener" target="_blank">#blog</a> <a href="https://mastodon.uno/tags/fido" class="mention hashtag" rel="nofollow noopener" target="_blank">#fido</a> <a href="https://mastodon.uno/tags/fido2" class="mention hashtag" rel="nofollow noopener" target="_blank">#fido2</a> <a href="https://mastodon.uno/tags/microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#microsoft</a> <a href="https://mastodon.uno/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#news</a> <a href="https://mastodon.uno/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#password</a> <a href="https://mastodon.uno/tags/passwordless" class="mention hashtag" rel="nofollow noopener" target="_blank">#passwordless</a> <a href="https://mastodon.uno/tags/picks" class="mention hashtag" rel="nofollow noopener" target="_blank">#picks</a> <a href="https://mastodon.uno/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#tech</a> <a href="https://mastodon.uno/tags/tecnologia" class="mention hashtag" rel="nofollow noopener" target="_blank">#tecnologia</a> <a href="https://mastodon.uno/tags/windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#windows</a>

pink<a href="https://norden.social/@ksp1968" class="u-url mention" rel="nofollow noopener" target="_blank">@ksp1968</a> Ich habe auf die Schnelle nur etwas auf englisch gefunden: <a href="https://sts10.github.io/2022/11/11/mastodon-two-factor-authentication.html" rel="nofollow noopener" translate="no" target="_blank">https://sts10.github.io/2022/11/11/mastodon-two-factor-authentication.html</a> <a href="https://norden.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#FIDO2</a> wird da auch nicht erwähnt. Die offizielle <a href="https://norden.social/tags/Mastodon" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mastodon</a> Dokumentation (<a href="https://docs.joinmastodon.org/user/contacts/#account" rel="nofollow noopener" translate="no" target="_blank">https://docs.joinmastodon.org/user/contacts/#account</a>) ist auch nicht wirklich hilfreich. Vielleicht hat <a href="https://norden.social/@leuchtturm" class="u-url mention" rel="nofollow noopener" target="_blank">@leuchtturm</a> noch mehr Informationen?

ksp1968<a href="https://norden.social/@pink" class="u-url mention" rel="nofollow noopener" target="_blank">@pink</a> <a href="https://social.nitrokey.com/@nitrokey" class="u-url mention" rel="nofollow noopener" target="_blank">@nitrokey</a> <a href="https://norden.social/tags/fido2" class="mention hashtag" rel="nofollow noopener" target="_blank">#fido2</a> <a href="https://norden.social/tags/2fa" class="mention hashtag" rel="nofollow noopener" target="_blank">#2fa</a> <a href="https://norden.social/tags/token" class="mention hashtag" rel="nofollow noopener" target="_blank">#token</a> <a href="https://norden.social/tags/neuhier" class="mention hashtag" rel="nofollow noopener" target="_blank">#neuhier</a> Efahrungsbericht zur 2fa FIDO2 Anmeldung bei einer Instanz. Bei mir norden.social. Ihr könnt in den Einstellungen->Konto->2 Faktor Authentifizierung eure Anmeldung sicherer machen. Wenn ihr 2fa Authentifizierung eingerichtet habt, könnt ihr auch FIDO2 einrichten. Ich habe 2 solcher FIDO2-Token, und habe beide eingerichtet, über die ich mich nun anmelde. @norden.social: Gibt es eine Schritt für Schritt Anleitung für Anfänger dazu?

Frühere Suchanfragen

Suchoptionen

Verwaltet von:

Serverstatistik:

#fido2