digitalcourage.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This instance is operated by Digitalcourage e.V. for the general public. So that we can do this sustainably, we collect an annual advance contribution of 1€/month via SEPA direct debit.


#passwordless


In my first FIDO Alliance blog post, I cut through the noise around “passkeys being hacked” and clarify that the real issues lie in compromised environments, not in the technology. For product teams and leaders evaluating authentication strategies, the takeaway is straightforward: passkeys remain one of our strongest defenses against phishing and credential theft — when they’re implemented thoughtfully and paired with good security hygiene.

If you’ve been hesitant because of scary headlines, I hope this helps turn things back to reality: passkeys are here to stay, and they’re a major step forward.

Read the full thoughts here: fidoalliance.org/passkeys-are-

FIDO Alliance · Passkeys Are Not Broken. The Conversation About Them Often Is | FIDO Alliance
Every few months, like clockwork, a talk or article appears claiming that new research has uncovered a “vulnerability” with passkeys. This can

apparently family members are freaked out because Microsoft is pushing their bullshit #passwordless nonsense, and there's an arbitrary deadline of August 1st on which they say they're going to delete all their passwords.

their default browser home pages have a bunch of suggested articles with scary headlines, and when they try to search for more information about it the information at the top of the page is LLM nonsense which only freaks them out more.


Another approach would be if Alice could generate multiple Passkeys and hand them out to individuals she trusts, and then retain the ability to revoke them. Sadly many sites don't yet support Passkeys, and this model still lets someone like Mal revoke Alice's access, so that's not great.

Bitwarden has a feature whereby Alice can share a password with Eve but not let her see it or export it. This could work pretty well, except if the site requires 2FA via an SMS text message (vs TOTP or a token) or if Eve has the know-how to intercept the password.

I still think that what we ultimately want is attenuated scopes because then we can track all actions by the delegated party.

I do wonder if this need is niche or if the current solution of "good faith password sharing" works well enough often enough that it hasn't risen to the level of concern for developers.

2/2

I've been thinking about delegated authority on websites lately.

It would be convenient if I could delegate certain functions to people, for example allowing someone like my accountant to have access to some of my financial records.

Some organizations make this easy, allowing me to have multiple accounts.

Other services don't offer this, nor do they offer any kind of OAuth type of delegated authorization or capabilities model.

I've been thinking about ways around this.

One very wacky way would be if Alice could have a "special browser" that would tie into some service she runs. Bob would log in with his credentials and then behind the scenes the application logs in as Alice.

This would be very complicated to implement though.

1/
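The attenuated-scopes model the 2/2 post argues for, and the OAuth-style delegated-authorization or capabilities model this post says many services lack, sketched as an added example (not code from the original poster, nor from Bitwarden or any real service): a macaroon-style capability token. The service mints a root token for Alice; Alice attenuates it with caveats (delegate, resource, action, expiry) before handing it to Bob, her accountant; every request is logged against the delegate named in the token, so Bob's actions are tracked separately from Alice's; only Alice can revoke the delegation, so a third party like Mal cannot; and Bob cannot strip a caveat, because the HMAC chain over the caveats would no longer verify. The root key, token id, names and timestamp are all constructed for the example.

```python
import hmac
import hashlib
from dataclasses import dataclass

# Constructed example values; a real service would hold a per-account root key server-side.
SERVICE_ROOT_KEY = b"constructed-example-root-key"
NOW = 1_700_000_000          # fixed "current time" so the example is deterministic
KNOWN_CAVEATS = {"delegate", "resource", "action", "expires"}


def _chain(key: bytes, msg: str) -> bytes:
    """One link of the HMAC chain: sig_{n+1} = HMAC(sig_n, caveat_n)."""
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


@dataclass(frozen=True)
class Capability:
    token_id: str        # names this delegation so the owner can revoke it
    owner: str           # whose account the delegated actions run against
    caveats: tuple       # ordered restrictions such as "action=read"
    sig: bytes

    def attenuate(self, caveat: str) -> "Capability":
        # Any holder may add a restriction; none can be removed, because the
        # signature chains over every caveat in order and the root key stays secret.
        return Capability(self.token_id, self.owner,
                          self.caveats + (caveat,), _chain(self.sig, caveat))


class Service:
    def __init__(self):
        self.minted = {}     # token_id -> owner
        self.revoked = set()
        self.audit_log = []  # (owner, delegate, action, resource, allowed)

    def mint(self, owner: str, token_id: str) -> Capability:
        """Only the service can mint, since only it holds SERVICE_ROOT_KEY."""
        self.minted[token_id] = owner
        return Capability(token_id, owner, (),
                          _chain(SERVICE_ROOT_KEY, f"{owner}:{token_id}"))

    def revoke(self, requester: str, token_id: str) -> bool:
        """Only the account owner may revoke a delegation minted for them."""
        if self.minted.get(token_id) != requester:
            return False
        self.revoked.add(token_id)
        return True

    def _signature_valid(self, cap: Capability) -> bool:
        sig = _chain(SERVICE_ROOT_KEY, f"{cap.owner}:{cap.token_id}")
        for c in cap.caveats:
            sig = _chain(sig, c)
        return hmac.compare_digest(sig, cap.sig)

    def _caveats_hold(self, cap: Capability, req: dict) -> bool:
        for c in cap.caveats:
            key, _, value = c.partition("=")
            if key not in KNOWN_CAVEATS:
                return False                      # unknown caveat: fail closed
            if key == "expires":
                if req["now"] >= int(value):
                    return False
            elif req[key] != value:
                return False
        return True

    def authorize(self, cap: Capability, req: dict) -> bool:
        allowed = (cap.token_id not in self.revoked
                   and self._signature_valid(cap)
                   and self._caveats_hold(cap, req))
        # Every attempt is logged against the delegate making the request,
        # which is what lets the owner track actions by the delegated party.
        self.audit_log.append((cap.owner, req["delegate"], req["action"],
                               req["resource"], allowed))
        return allowed


def run_demo() -> dict:
    svc = Service()
    root = svc.mint("alice", "accountant-2024")
    # Alice attenuates before handing the token to Bob, her accountant.
    bob = (root.attenuate("delegate=bob")
               .attenuate("resource=financial_records")
               .attenuate("action=read")
               .attenuate(f"expires={NOW + 3600}"))
    read = {"delegate": "bob", "resource": "financial_records", "action": "read", "now": NOW}
    write = dict(read, action="write")
    # Bob drops the action caveat but cannot recompute a matching signature.
    forged = Capability(bob.token_id, bob.owner,
                        tuple(c for c in bob.caveats if c != "action=read"), bob.sig)
    results = {
        "bob_read": svc.authorize(bob, read),
        "bob_write": svc.authorize(bob, write),
        "forged_write": svc.authorize(forged, write),
        "mal_revokes": svc.revoke("mal", "accountant-2024"),
        "alice_revokes": svc.revoke("alice", "accountant-2024"),
    }
    results["bob_read_after_revoke"] = svc.authorize(bob, read)
    results["audit_entries"] = len(svc.audit_log)
    return results
```

The point of the design is that attenuation is cheap and needs no cooperation from the service beyond minting the root token: Alice can hand out as many differently scoped tokens as she has delegates, each one separately revocable and separately visible in the audit log, which is exactly what "good faith password sharing" cannot give her.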