sigmoid.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A social space for people researching, working with, or just interested in AI!

Server stats:

583
active users

#SecurityKey

0 posts0 participants0 posts today
Francesco Yoshi Gobbo :linux:<p>Hello Hello!<br><a href="https://qoto.org/tags/SecuX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecuX</span></a> Tech, a Taiwanese business that produces security devices, sent me a security key, the PUFido Clife Key to unbox, and since I was there, I also make a <a href="https://qoto.org/tags/tutorial" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tutorial</span></a> and an explanation of what it is.</p><p><a href="https://www.youtube.com/watch?v=JLNijRxZZVQ" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=JLNijRxZZV</span><span class="invisible">Q</span></a><br><a href="https://qoto.org/tags/PUF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PUF</span></a> <a href="https://qoto.org/tags/securityKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityKey</span></a> <a href="https://qoto.org/tags/unboxing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>unboxing</span></a> <a href="https://qoto.org/tags/cyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberSecurity</span></a></p>
bash2<p>Hat jemensch schon einmal das Login der Schweizer Behörden (AGOV-Login, siehe <a href="https://www.agov.admin.ch/de" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">agov.admin.ch/de</span><span class="invisible"></span></a>) mit einem Nitrokey 3 getestet und kann etwas zur Kompatibilität sagen?</p><p>Geht das oder braucht es "zwingend" einen Schlüssel von Yubico oder Token2 (beide mit L2-Zertifizierung)?</p><p>Solo2-Schlüssel gehen jedenfalls nicht und die sind wohl eh EOL. Ich möchte gerne einen Schlüssel mit einer Open-Source-Firmware benutzen.</p><p>Nachtrag: Der NitroKey 3C geht definitiv nicht. Token2 hingegen schon.</p><p><span class="h-card" translate="no"><a href="https://social.nitrokey.com/@nitrokey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nitrokey</span></a></span> <a href="https://momou.social/tags/nitrokey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nitrokey</span></a> <a href="https://momou.social/tags/agov" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>agov</span></a> <a href="https://momou.social/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a> <a href="https://momou.social/tags/schweiz" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>schweiz</span></a> <a href="https://momou.social/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://momou.social/tags/securitykey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securitykey</span></a></p>
Colan Schwartz<p>This is unfortunate because I received a pair of these recently that I've been meaning to take out of the package. I guess they won't be issuing recalls?</p><p><a href="https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2024/</span><span class="invisible">09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/</span></a></p><p><a href="https://mastodon.social/tags/securitykey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securitykey</span></a> <a href="https://mastodon.social/tags/sidechannel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sidechannel</span></a> <a href="https://mastodon.social/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a> <a href="https://mastodon.social/tags/yubikeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikeys</span></a> <a href="https://mastodon.social/tags/hardwaretokens" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardwaretokens</span></a> <a href="https://mastodon.social/tags/hardwaretoken" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardwaretoken</span></a> <a href="https://mastodon.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptography</span></a> <a href="https://mastodon.social/tags/credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>credentials</span></a> <a href="https://mastodon.social/tags/fido" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fido</span></a></p>
Cliff<p>YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel.</p><p><a href="https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2024/</span><span class="invisible">09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/</span></a></p><p><a href="https://allthingstech.social/tags/YubiKeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>YubiKeys</span></a> <a href="https://allthingstech.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://allthingstech.social/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tech</span></a> <a href="https://allthingstech.social/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>News</span></a> <a href="https://allthingstech.social/tags/TechNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechNews</span></a> <a href="https://allthingstech.social/tags/AllThingsTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AllThingsTech</span></a> <a href="https://allthingstech.social/tags/SecurityKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityKey</span></a></p>
Pyrzout :vm:<p>Vulnerability allows Yubico security keys to be cloned <a href="https://www.helpnetsecurity.com/2024/09/04/yubico-security-keys-vulnerability/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">helpnetsecurity.com/2024/09/04</span><span class="invisible">/yubico-security-keys-vulnerability/</span></a> <a href="https://social.skynetcloud.site/tags/InfineonTechnologies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfineonTechnologies</span></a> <a href="https://social.skynetcloud.site/tags/securitykey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securitykey</span></a> <a href="https://social.skynetcloud.site/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>encryption</span></a> <a href="https://social.skynetcloud.site/tags/Don" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Don</span></a>'tmiss <a href="https://social.skynetcloud.site/tags/Hotstuff" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hotstuff</span></a> <a href="https://social.skynetcloud.site/tags/hardware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardware</span></a> <a href="https://social.skynetcloud.site/tags/research" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>research</span></a> <a href="https://social.skynetcloud.site/tags/Yubico" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Yubico</span></a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>News</span></a> <a href="https://social.skynetcloud.site/tags/MFA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MFA</span></a></p>
Jef Kazimer😶‍🌫️<p>I don't know who needs to hear this, but put an AirTag on that key ring of FIDO2 security keys you have.</p><p><a href="https://infosec.exchange/tags/passkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkey</span></a> <a href="https://infosec.exchange/tags/fido2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fido2</span></a> <a href="https://infosec.exchange/tags/securitykey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securitykey</span></a></p>
🧿🪬🍄🌈🎮💻🚲🥓🎃💀🏴🛻🇺🇸<p>Does anyone know of a bank that lets you use a Fido2 security key to authenticate?</p><p>My bank only allows SMS based 2FA, so my fiat can all be stolen by any employee of my phone company at any time.</p><p><a href="https://mastodon.social/tags/2fa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2fa</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/fido2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fido2</span></a> <a href="https://mastodon.social/tags/securityKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityKey</span></a> <a href="https://mastodon.social/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a> <a href="https://mastodon.social/tags/passkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkey</span></a> <a href="https://mastodon.social/tags/bank" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bank</span></a> <a href="https://mastodon.social/tags/fido" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fido</span></a> <a href="https://mastodon.social/tags/webauthn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webauthn</span></a> <a href="https://mastodon.social/tags/auth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>auth</span></a> <a href="https://mastodon.social/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a></p>
🧿🪬🍄🌈🎮💻🚲🥓🎃💀🏴🛻🇺🇸<p>PassKeys seem like a bad idea. Google backs them up to the cloud, so if your Google account is compromised then all your private keys are compromised. I don't see how that's an improvement over password+2FA at all.</p><p>Now security keys I get; keep the private key on an airgapped device. That's good. Hell I even keep my 2FA-OTP salts on a YubiKey.</p><p><a href="https://mastodon.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkeys</span></a> <a href="https://mastodon.social/tags/fido2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fido2</span></a> <a href="https://mastodon.social/tags/webauthn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webauthn</span></a> <a href="https://mastodon.social/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a> <a href="https://mastodon.social/tags/2fa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2fa</span></a> <a href="https://mastodon.social/tags/otp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>otp</span></a> <a href="https://mastodon.social/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a> <a href="https://mastodon.social/tags/cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cryptography</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://mastodon.social/tags/passkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkey</span></a> <a href="https://mastodon.social/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://mastodon.social/tags/securityKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securityKey</span></a> <a href="https://mastodon.social/tags/google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>google</span></a></p>
Shawn Brink<p>How to Add or Remove <a href="https://techhub.social/tags/Passkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passkey</span></a> on <a href="https://techhub.social/tags/SecurityKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityKey</span></a> for your <a href="https://techhub.social/tags/MicrosoftAccount" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MicrosoftAccount</span></a> <br><a href="https://www.elevenforum.com/t/add-or-remove-passkey-on-security-key-for-your-microsoft-account.24863/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">elevenforum.com/t/add-or-remov</span><span class="invisible">e-passkey-on-security-key-for-your-microsoft-account.24863/</span></a></p>
Michael :donor:<p>When implementing <a href="https://infosec.exchange/tags/WebAuthn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebAuthn</span></a> on an Identity Provider's side. Where exactly should one draw the line between <a href="https://infosec.exchange/tags/SecurityKey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityKey</span></a> and <a href="https://infosec.exchange/tags/Passkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passkey</span></a>? I see that most platforms make a distinction between those. Can anyone link me some article or blog post on this topic? If I were to implement security key and passkey support on a provider that does not yet support any WebAuthn, should I go down the same route?</p><p>My current assumption is that during passkey registration you'd set "residentKey = required" and "userVerification = required", whereas for a security key you'd set "residentKey = discouraged" and "userVerification = preferred".</p><p>Also, I'm assuming that a security key can also function as a form of <a href="https://infosec.exchange/tags/passwordless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwordless</span></a> multi-factor authentication if UV was true during registration AND authentication. Obviously without the neat part of Passkeys where you don't have to manually enter the username.</p><p><a href="https://infosec.exchange/tags/IAM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IAM</span></a> <a href="https://infosec.exchange/tags/Authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentication</span></a></p>
Tinned-Software<p>For decades, users have authenticated on systems with usernames and passwords. This method of authentication has not changed since the beginning of the Internet. As the Internet became a more hostile place and threats emerged,&nbsp;...</p><p><a href="https://blog.tinned-software.net/secure-authentication-and-how-it-changed-over-time/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.tinned-software.net/secur</span><span class="invisible">e-authentication-and-how-it-changed-over-time/</span></a></p><p><a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/securitykey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securitykey</span></a> <a href="https://infosec.exchange/tags/securitykeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securitykeys</span></a> <a href="https://infosec.exchange/tags/fido" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fido</span></a> <a href="https://infosec.exchange/tags/fido2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fido2</span></a> <a href="https://infosec.exchange/tags/totp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>totp</span></a> <a href="https://infosec.exchange/tags/passkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkey</span></a></p>
EINGFOAN :donor:<p>updated <a href="https://infosec.exchange/tags/fido2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fido2</span></a> <a href="https://infosec.exchange/tags/fido" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fido</span></a> <a href="https://infosec.exchange/tags/securitykey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securitykey</span></a> <a href="https://infosec.exchange/tags/comparison" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>comparison</span></a> draft Version 0.8 </p><p><a href="https://infosec.exchange/tags/yubikey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>yubikey</span></a> <a href="https://infosec.exchange/tags/nitrokey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nitrokey</span></a> <a href="https://infosec.exchange/tags/gotrust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gotrust</span></a> <a href="https://infosec.exchange/tags/feitian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>feitian</span></a> <a href="https://infosec.exchange/tags/solokey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>solokey</span></a> <a href="https://infosec.exchange/tags/titan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>titan</span></a> <a href="https://infosec.exchange/tags/google" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>google</span></a><br><a href="https://infosec.exchange/tags/mfa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mfa</span></a> <a href="https://infosec.exchange/tags/u2f" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>u2f</span></a></p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@Fr333k" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Fr333k</span></a></span> <span class="h-card" translate="no"><a href="https://chaos.social/@matthegap" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>matthegap</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@shellsharks" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>shellsharks</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@FritzAdalis" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>FritzAdalis</span></a></span> <br><span class="h-card" translate="no"><a href="https://social.heise.de/@heisec" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>heisec</span></a></span></p><p>If updates are needed Post a reply here</p><p>Credits to</p><p><a href="https://medium.com/webauthnworks/sorting-fido-ctap-webauthn-terminology-7d32067c0b01&amp;sa=D&amp;source=editors&amp;ust=1686248837634831&amp;usg=AOvVaw1RNctynoDjZdGOtR_n3KPm" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">medium.com/webauthnworks/sorti</span><span class="invisible">ng-fido-ctap-webauthn-terminology-7d32067c0b01&amp;sa=D&amp;source=editors&amp;ust=1686248837634831&amp;usg=AOvVaw1RNctynoDjZdGOtR_n3KPm</span></a></p><p><a href="https://fidoalliance.org/specifications/&amp;sa=D&amp;source=editors&amp;ust=1686248837635017&amp;usg=AOvVaw1j45hHJTnxzwWfT7VRfWK6" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">fidoalliance.org/specification</span><span class="invisible">s/&amp;sa=D&amp;source=editors&amp;ust=1686248837635017&amp;usg=AOvVaw1j45hHJTnxzwWfT7VRfWK6</span></a></p><p><a href="https://doubleoctopus.com/blog/standards-regulations/your-complete-guide-to-fido-fast-identity-online/&amp;sa=D&amp;source=editors&amp;ust=1686248837635116&amp;usg=AOvVaw3wIncGqheQ1koX9LV9-KED" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">doubleoctopus.com/blog/standar</span><span class="invisible">ds-regulations/your-complete-guide-to-fido-fast-identity-online/&amp;sa=D&amp;source=editors&amp;ust=1686248837635116&amp;usg=AOvVaw3wIncGqheQ1koX9LV9-KED</span></a></p>