digitalcourage.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
#authentification

Paris Web<p>With passkeys, you get authentication that is secure, convenient and passwordless.<br>Find out how to implement them in practice with <span class="h-card" translate="no"><a href="https://hachyderm.io/@kehrlann" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>kehrlann</span></a></span>!</p><p><a href="https://www.paris-web.fr/2025/conference/passkeys-en-pratique" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">paris-web.fr/2025/conference/p</span><span class="invisible">asskeys-en-pratique</span></a></p><p><a href="https://mamot.fr/tags/passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkeys</span></a> <a href="https://mamot.fr/tags/s%C3%A9curit%C3%A9" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sécurité</span></a> <a href="https://mamot.fr/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentification</span></a></p>
Laurent Espitallier<p>Passkeys are incompatible with open-source software (was: “Passkey marketing is lying to you”) – Smoking on a Bike <a href="https://www.smokingonabike.com/2025/01/04/passkey-marketing-is-lying-to-you" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">smokingonabike.com/2025/01/04/</span><span class="invisible">passkey-marketing-is-lying-to-you</span></a> <a href="https://mastouille.fr/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://mastouille.fr/tags/passkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passkey</span></a> <a href="https://mastouille.fr/tags/souverainet%C3%A9_num%C3%A9rique" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>souveraineté_numérique</span></a> <a href="https://mastouille.fr/tags/souverainet%C3%A9num%C3%A9rique" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>souveraineténumérique</span></a> <a href="https://mastouille.fr/tags/cybers%C3%A9curit%C3%A9" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersécurité</span></a> <a href="https://mastouille.fr/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentification</span></a> <a href="https://mastouille.fr/tags/open_source" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>open_source</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@stman" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>stman</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@Sempf" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Sempf</span></a></span> <span class="h-card" translate="no"><a href="https://chaos.social/@LaF0rge" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>LaF0rge</span></a></span> yes.</p><p>Because physical SIMs, like any <em>"cryptographic chipcard"</em> (i.e. <span class="h-card" translate="no"><a href="https://social.nitrokey.com/@nitrokey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nitrokey</span></a></span> ) did all that fancy public/private crypto on silicon and unless that was compromisable (which AFAICT always necessitated physical access to the <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIM</span></a>, especially in pre-<a href="https://infosec.space/tags/OMAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMAPI</span></a> devices) the SIM wasn't <em>'cloneable'</em> and the weakest link always had been the <a href="https://infosec.space/tags/MNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MNO</span></a> / <a href="https://infosec.space/tags/MVNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MVNO</span></a> issuing (may it be through <a href="https://infosec.space/tags/SocialHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialHacking</span></a> employees into <em><a href="https://infosec.space/tags/SimSwapping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SimSwapping</span></a></em> or LEAs showing up with a warrant and demanding <em>"<a 
href="https://infosec.space/tags/LawfulInterception" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LawfulInterception</span></a>"</em>):</p><ul><li>These <em>"attack vectors"</em> were known and whilst <em>unfixable</em> they could at least be mitigated by i.e. <em>NEVER</em> using a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> for anything <em>and/or</em> using anonymously obtained <a href="https://infosec.space/tags/SIMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIMs</span></a>. But more and more services like <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> did <a href="https://infosec.space/tags/regression" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>regression</span></a> demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> <em>and</em> more and more nations <em>criminalized</em> <a href="https://infosec.space/tags/AnonymousSimCards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AnonymousSimCards</span></a> under utterly <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberfacist</span></a> &amp; <a href="https://infosec.space/tags/FalsePretenses" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FalsePretenses</span></a>!</li></ul><p>Add to that the <em>regression</em> in flexibility: </p><p>Unlike a <a href="https://infosec.space/tags/SimCard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SimCard</span></a> which was designed as a <em>vendor-independent, <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a>, <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a>, device agnostic unit to facilitate the <a href="https://infosec.space/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentification</span></a> and <a href="https://infosec.space/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>encryption</span></a> in <a href="https://infosec.space/tags/GSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GSM</span></a> (and successor standards)</em>, <a href="https://infosec.space/tags/eSIMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIMs</span></a> act to restrict <a href="https://infosec.space/tags/DeviceFreedom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DeviceFreedom</span></a> and <a href="https://infosec.space/tags/ConsumerChoice" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConsumerChoice</span></a>, which with shit like <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a> per <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a> (i.e. 
<a href="https://infosec.space/tags/Turkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Turkey</span></a> demands it after 90 days of roaming per year) and <a href="https://infosec.space/tags/lMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lMEI</span></a>-based <a href="https://infosec.space/tags/Allowlisting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Allowlisting</span></a> (see <a href="https://infosec.space/tags/Australia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Australia</span></a>'s shitty <a href="https://infosec.space/tags/VoLTE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VoLTE</span></a> + <a href="https://infosec.space/tags/2G" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2G</span></a> &amp; <a href="https://infosec.space/tags/3G" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>3G</span></a> shutdown!) are just acts to clamp down on <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> and <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a>.</p><ul><li>And with <a href="https://infosec.space/tags/EID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EID</span></a> being unique per <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> (like the <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a> on top!) 
there's nothing stopping <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberfacist</span></a> regimes like <em>"P.R."</em> <a href="https://infosec.space/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>China</span></a>, <a href="https://infosec.space/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Russia</span></a>, <a href="https://infosec.space/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iran</span></a>, ... from banning <em>"<a href="https://infosec.space/tags/eSIMcards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIMcards</span></a>"</em> (<a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> in SIM card form factor) or entire device prefixes (i.e. all phones that are supported by <span class="h-card" translate="no"><a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GrapheneOS</span></a></span> ), as M(V)NOs see the EID used to deploy/activate a profile (obviously they don't want people to activate eSIMs more than once, <em>unless explicitly allowed otherwise</em>).</li></ul><p>"[…] [Technologies] must <em>always</em> be evaluated for their ability to oppress. 
[…]"</p><ul><li>Dan Olson</li></ul><p>And now you know why I consider a <a href="https://infosec.space/tags/smartphone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>smartphone</span></a> with eSIM instead of two SIM slots not as a <em>real</em> <a href="https://infosec.space/tags/DualSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DualSIM</span></a> device because it restricts my ability to freely move devices.</p><ul><li>And whilst German Courts reaffirmed §77 TKG (Telco Law)'s mandate to let people choose their devices freely, (by declaring <a href="https://infosec.space/tags/fees" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fees</span></a> for reissue of eSIMs illegal) that is only <em>enforceable towards M(V)NOs who are in <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Germany</span></a></em>, so <em>'good luck'</em> trying to enforce that against some overseas roaming provider.</li></ul><p>Thus <a href="https://infosec.space/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Impersonation</span></a> attacks in GSM-based networks are easier than ever before which in the age of <em>more skilled than ever</em> <a href="https://infosec.space/tags/Cybercriminals" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybercriminals</span></a> and <a href="https://infosec.space/tags/Cyberterrorists" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberterrorists</span></a> (i.e. 
<a href="https://infosec.space/tags/NSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NSA</span></a> &amp; <a href="https://infosec.space/tags/Roskomnadnozr" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Roskomnadnozr</span></a>) puts especially the average <em><a href="https://infosec.space/tags/TechIlliterate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechIlliterate</span></a> User</em> at risk.</p><ul><li>I mean, anyone else remember the <a href="https://infosec.space/tags/Kiddies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kiddies</span></a> that <em>fucked around</em> with <a href="https://infosec.space/tags/CIA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CIA</span></a> director <a href="https://infosec.space/tags/Brennan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Brennan</span></a>? Those were just using their <em>"weapons-grade <a href="https://infosec.space/tags/boredom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>boredom</span></a>"</em>, not being effective, for-profit cyber criminals!</li></ul><p>And then think about those who don't have <em>privileged access</em> to <em>protection</em> by their government, but rather <em>"privileged access" to prosecution</em> by the state <em>because their very existence is criminalized...</em></p> <p>The only advantage eSIMs brought in contrast is <em>'logistical' convenience</em> because it's mostly a <a href="https://infosec.space/tags/QRcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>QRcode</span></a> and that's just a way to avoid typos on a cryptic <a href="https://infosec.space/tags/LocalProfileAgent" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LocalProfileAgent</span></a> link.</p>
WhilelM<p>“And when all of this leaks (because it will leak), what will you do? Change your fingers? Ask customer support for a new face? Who signed off on this monumental bullshit of treating a secret as valid when it is literally visible on your face, or when you leave an exact copy of it on everything you touch?”<br> - Bluetouff</p><p><a href="https://mstdn.fr/tags/biometrie" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>biometrie</span></a> <a href="https://mstdn.fr/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentification</span></a> <a href="https://mstdn.fr/tags/cybersecurit%C3%A9" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurité</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://digipres.club/@foone" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>foone</span></a></span> the whole <em>unfixably fucked security</em> is something <span class="h-card" translate="no"><a href="https://mastodon.social/@stman" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>stman</span></a></span> and I discussed at length.</p><ul><li>We came to the conclusion that using PS/2 ports and having a fully-transparent keyboard in a clear, sealed case with reference images is the only option.</li></ul><p><a href="https://infosec.space/tags/USB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USB</span></a> is <em>unfixably broken</em> as it inherently does neither <a href="https://infosec.space/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentification</span></a> (<a href="https://infosec.space/tags/BIOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BIOS</span></a> &amp; <a href="https://infosec.space/tags/UEFI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UEFI</span></a> filter only by <a href="https://infosec.space/tags/HID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HID</span></a> class drivers if they can do so at all!) 
nor proper integrity checking nor any <a href="https://infosec.space/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> whatsoever.</p><ul><li>Most enterprises and organizations that I know who do care about this <em>literally</em> hardwire systems, put them in locked cabinets, use <a href="https://infosec.space/tags/PS2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PS2</span></a> HIDs, disable <a href="https://infosec.space/tags/USB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USB</span></a> controllers and set ports and headers in resin...</li></ul><p>I mean, as soon as you got a <a href="https://infosec.space/tags/PwnPi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PwnPi</span></a> or <a href="https://infosec.space/tags/PoisonTap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PoisonTap</span></a> at your hand, it's game over...<br><a href="https://www.youtube.com/watch?v=Aatp5gCskvk" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=Aatp5gCskv</span><span class="invisible">k</span></a></p>
Stéphane Bortzmeyer<p><span class="h-card" translate="no"><a href="https://mastodon.social/@jpmens" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jpmens</span></a></span> "I am me"</p><p><a href="https://mastodon.gougere.fr/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentification</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@waldoj" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>waldoj</span></a></span> or even better: Abolish <a href="https://infosec.space/tags/SSN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSN</span></a>|s as a means of <a href="https://infosec.space/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentification</span></a> entirely! </p><p><a href="https://www.youtube.com/watch?v=Erp8IAUouus&amp;pp=ygUMY2dwIGdyZXkgc3Nu" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=Erp8IAUouu</span><span class="invisible">s&amp;pp=ygUMY2dwIGdyZXkgc3Nu</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@eff" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>eff</span></a></span> <span class="h-card" translate="no"><a href="https://press.coop/@Gizmodo" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Gizmodo</span></a></span> the fact that one can't effectively <a href="https://infosec.space/tags/refuse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>refuse</span></a> or <a href="https://infosec.space/tags/deny" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deny</span></a> <a href="https://infosec.space/tags/biometrics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>biometrics</span></a> makes them irredeemably <em><a href="https://infosec.space/tags/insecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>insecure</span></a> in every scenario</em> kinda <a href="https://infosec.space/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentification</span></a>.</p><p>It'll be more secure to use 9876 or 4321 as PIN than fingerprints or god forbid one's face!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://blob.cat/users/akatsukilevi" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>akatsukilevi</span></a></span> <span class="h-card" translate="no"><a href="https://wetdry.world/@kat" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>kat</span></a></span> Personally, I've heard once of <a href="https://infosec.space/tags/GitTorrent" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitTorrent</span></a> before but like <a href="https://infosec.space/tags/BitMessage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BitMessage</span></a> found it to be clunky, slow and ugly af.</p><p><a href="https://infosec.space/tags/Blockchains" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Blockchains</span></a> - especially <a href="https://infosec.space/tags/Bitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bitcoin</span></a> - are not efficient at handling many small transactions as is commonplace in <a href="https://infosec.space/tags/Git" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Git</span></a>, and for <a href="https://infosec.space/tags/Authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentification</span></a>, <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a> and <a href="https://infosec.space/tags/SSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSH</span></a> do work way better...</p><p>OFC someone could rework that to use <a href="https://infosec.space/tags/Solana" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Solana</span></a> or other stuff but I don't like <a href="https://infosec.space/tags/Shitcoins" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>Shitcoins</span></a> and the only <a href="https://infosec.space/tags/Cryptocurrency" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cryptocurrency</span></a> that I can take seriously is <a href="https://infosec.space/tags/Monero" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Monero</span></a> which is designed to not allow tracking users and transactions!</p>
F. Maury ⏚<p>I have just published a course titled "Identité et méthodes d'authentification" ("Identity and authentication methods") under a CC-BY license: <a href="https://broken-by-design.fr/posts/cours-id-authn/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">broken-by-design.fr/posts/cour</span><span class="invisible">s-id-authn/</span></a></p><p>This course is aimed at people at M2 (second-year master's) level and at early-career professionals, although more experienced people may also find interesting information in it.</p><p>It includes an introduction to the different types of identity repositories, before diving into authentication from legal and technical angles. Multi-factor authentication, strong authentication, phishing-resistant authentication, authentication with good privacy guarantees! State-of-the-art authentication! You can learn more about these topics through this course.</p><p>And this is only the first part! This month a second part will be published, on the subject of authorization, with a hands-on lab on setting up <a href="https://infosec.exchange/tags/Keycloak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Keycloak</span></a> for federated authentication with OpenID Connect! 
Stay tuned!</p><p><a href="https://infosec.exchange/tags/oidc" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>oidc</span></a> <a href="https://infosec.exchange/tags/webauthn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webauthn</span></a> <a href="https://infosec.exchange/tags/identit%C3%A9" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>identité</span></a> <a href="https://infosec.exchange/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentification</span></a> <a href="https://infosec.exchange/tags/saml" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>saml</span></a> <a href="https://infosec.exchange/tags/tls" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tls</span></a> <a href="https://infosec.exchange/tags/motdepasse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>motdepasse</span></a> <a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/snc" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>snc</span></a> <a href="https://infosec.exchange/tags/eidas" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eidas</span></a> <a href="https://infosec.exchange/tags/dsp2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dsp2</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cours" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cours</span></a> <a href="https://infosec.exchange/tags/ccby4" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ccby4</span></a> <a href="https://infosec.exchange/tags/phishing" 
class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>phishing</span></a></p>
Lizard_secu<p>Our next evening at the <a href="https://mamot.fr/tags/cybersecurite" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurite</span></a> meetup <span class="h-card" translate="no"><a href="https://bird.makeup/users/outscale_fr" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>outscale_fr</span></a></span> The programme: ADNS (<span class="h-card" translate="no"><a href="https://mamot.fr/@hellosct1" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>hellosct1</span></a></span> &amp; @jfbaillette), the future of <a href="https://mamot.fr/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentification</span></a> in the age of <a href="https://mamot.fr/tags/blockchain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blockchain</span></a><br>(Renaud Lifchitz), distributed <a href="https://mamot.fr/tags/autorisation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>autorisation</span></a> technology (@BastienVigneron &amp; Clément Delafargue) <a href="https://www.meetup.com/fr-FR/lizard_secu/events/297277278/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">meetup.com/fr-FR/lizard_secu/e</span><span class="invisible">vents/297277278/</span></a></p>
Lars Bartsch<p><span class="h-card" translate="no"><a href="https://digitalcourage.social/@reticuleena" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>reticuleena</span></a></span> <br>Now query again using the noun form and then compare the results.</p><p>**Just kidding** 😉</p><p><a href="https://social.tchncs.de/tags/authentisierung" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentisierung</span></a> <a href="https://social.tchncs.de/tags/authentifizierung" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentifizierung</span></a> <br><a href="https://social.tchncs.de/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a> <a href="https://social.tchncs.de/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentification</span></a></p>
Marcel SIneM(S)US<p>heise+ | IT security: common myths and misconceptions explained | heise online <a href="https://www.heise.de/hintergrund/IT-Sicherheit-Verbreitete-Mythen-und-Irrtuemer-aufgeklaert-8986468.html" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/hintergrund/IT-Sicher</span><span class="invisible">heit-Verbreitete-Mythen-und-Irrtuemer-aufgeklaert-8986468.html</span></a> <a href="https://social.tchncs.de/tags/heiseplus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>heiseplus</span></a> <a href="https://social.tchncs.de/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://social.tchncs.de/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ransomware</span></a> <a href="https://social.tchncs.de/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://social.tchncs.de/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentification</span></a> <a href="https://social.tchncs.de/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a></p>
GNU/Linux.ch<p>For the weekend: 2FA in e-banking</p><p>If you want it especially secure, you pay for it. </p><p><a href="https://social.anoxinon.de/tags/E_Banking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E_Banking</span></a> <a href="https://social.anoxinon.de/tags/Banken" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Banken</span></a> <a href="https://social.anoxinon.de/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> <a href="https://social.anoxinon.de/tags/Zweiter_Faktor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Zweiter_Faktor</span></a> <a href="https://social.anoxinon.de/tags/Authentifizierung" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentifizierung</span></a> <a href="https://social.anoxinon.de/tags/Autorisierung" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Autorisierung</span></a> <a href="https://social.anoxinon.de/tags/Authorization" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authorization</span></a> <a href="https://social.anoxinon.de/tags/Authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Authentification</span></a> <a href="https://social.anoxinon.de/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a></p><p><a href="https://gnulinux.ch/zum-wochenende-2fa-ebanking" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gnulinux.ch/zum-wochenende-2fa</span><span class="invisible">-ebanking</span></a></p>
HRH ginsterbusch<p>On <a href="https://kosmos.social/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a>: So, tell me, how is this supposed to work - use fediverse on multiple clients, but use your smartphone as 2FA Auth .. when the app is running on your phone, too?</p><p><a href="https://kosmos.social/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentification</span></a> <a href="https://kosmos.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a></p>
Grégory PAUL<p>FranceConnect: the "log in with Ameli" button partly disabled after security problems <a href="https://www.lemonde.fr/pixels/article/2022/09/01/franceconnect-le-bouton-de-connexion-avec-ameli-desactive-apres-des-problemes-de-securite_6139814_4408996.html" rel="nofollow noopener" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">lemonde.fr/pixels/article/2022</span><span class="invisible">/09/01/franceconnect-le-bouton-de-connexion-avec-ameli-desactive-apres-des-problemes-de-securite_6139814_4408996.html</span></a> <a href="https://framapiaf.org/tags/cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyber</span></a> <a href="https://framapiaf.org/tags/s%C3%A9curit%C3%A9" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sécurité</span></a> <a href="https://framapiaf.org/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentification</span></a> <a href="https://framapiaf.org/tags/FranceConnect" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FranceConnect</span></a></p>
IT News<p>Passwordless Authentication: The New Shift in Cybersecurity Bound to Revolutionize Fintech - Cybersecurity is a great concern for every organization that has even the littlest... - <a href="https://readwrite.com/2021/06/22/passwordless-authentication-the-new-shift-in-cybersecurity-bound-to-revolutionize-fintech/" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">readwrite.com/2021/06/22/passw</span><span class="invisible">ordless-authentication-the-new-shift-in-cybersecurity-bound-to-revolutionize-fintech/</span></a> <a href="https://schleuss.online/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentification</span></a> <a href="https://schleuss.online/tags/dataandsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dataandsecurity</span></a> <a href="https://schleuss.online/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://schleuss.online/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>passwords</span></a> <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://schleuss.online/tags/fintech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fintech</span></a> <a href="https://schleuss.online/tags/finance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>finance</span></a> <a href="https://schleuss.online/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tech</span></a> <a href="https://schleuss.online/tags/web" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>web</span></a></p>