#u2f

c_th1<p>GNU/Linux.ch: CIW130 - Jack-of-all-trades <br>Mailbox.org</p><p>Which of these activities are the most relevant from today's perspective?<br>What are the unique selling points of <a href="https://digitalcourage.social/tags/mailboxorg" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mailboxorg</span></a>?<br>Someone from the community asks where things currently stand with the integration of <a href="https://digitalcourage.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FIDO2</span></a> or <a href="https://digitalcourage.social/tags/U2F" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>U2F</span></a>.<br>Why do customers choose <a href="https://digitalcourage.social/tags/OpenTalk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenTalk</span></a> when there are Jitsi, BigBlueButton or <a href="https://digitalcourage.social/tags/Nextcloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Nextcloud</span></a> Talk?<br>What is the motivation behind <a href="https://digitalcourage.social/tags/OpenCloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenCloud</span></a> as an <a href="https://digitalcourage.social/tags/OwnCloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OwnCloud</span></a> fork?<br>How does OpenCloud differ from NextCloud?<br>How do you see the significance of your products for European digital sovereignty?<br>Are there further plans for free products?</p><p>Episode website: <a href="https://gnulinux.ch/ciw130-podcast" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gnulinux.ch/ciw130-podcast</span><span class="invisible"></span></a></p><p>Media file: <a 
href="https://gnulinux.ch/podcast/CIW130.mp3" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gnulinux.ch/podcast/CIW130.mp3</span><span class="invisible"></span></a></p><p><span class="h-card" translate="no"><a href="https://social.anoxinon.de/@gnulinux" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>gnulinux</span></a></span> <br><span class="h-card" translate="no"><a href="https://social.mailbox.org/@mailbox_org" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mailbox_org</span></a></span></p>
IT News<p>Add WebUSB Support To Firefox With a Special USB Device - RP2040-based Pico board acting as U2F dongle with Firefox. (Credit: ArcaneNibble, ... - <a href="https://hackaday.com/2025/03/15/add-webusb-support-to-firefox-with-a-special-usb-device/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackaday.com/2025/03/15/add-we</span><span class="invisible">busb-support-to-firefox-with-a-special-usb-device/</span></a> <a href="https://schleuss.online/tags/computerhacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>computerhacks</span></a> <a href="https://schleuss.online/tags/securityhacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityhacks</span></a> <a href="https://schleuss.online/tags/firefox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firefox</span></a> <a href="https://schleuss.online/tags/webusb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webusb</span></a> <a href="https://schleuss.online/tags/u2f" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>u2f</span></a></p>
release_candidate<p>This is the way I config PAM to authenticate with my USB keys in NetBSD.</p><p>I type a password to decrypt the disk, and that's it.</p><p>No passwords to log-in, unlock the screen or run doas. Only the key.</p><p><a href="https://vsis.online/posts/2025-01-14-pam-u2f/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">vsis.online/posts/2025-01-14-p</span><span class="invisible">am-u2f/</span></a></p><p><a href="https://mastodon.bsd.cafe/tags/NetBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetBSD</span></a> <a href="https://mastodon.bsd.cafe/tags/U2F" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>U2F</span></a> <a href="https://mastodon.bsd.cafe/tags/fido2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido2</span></a></p>
release_candidate<p>So, it has been like three months using FIDO/U2F keys instead of passwords. Both in my NetBSD and Arch systems.</p><p>I use a "medium" quality password to decrypt the filesystems and another one to decrypt the password manager. And that's it.</p><p>No password to log-in, to unlock screen, to run doas/sudo, etc. Just this little penguin and press its button.</p><p>Also, I'm using this as 2FA for all websites that support it. Lemmy doesn't. It's the only place where I don't use it, yet.</p><p>Because U2F uses the domain name, this is a strong protection against phishing. A similar domain may trick my eyes, but not the key.</p><p>I'm very bad at memorizing passwords, and worse at typing them. Unlocking the screen without typing my password like 3 times is a blessing.</p><p>The problems: if my laptop is decrypted anybody with this penguin is root. It's kinda my Horcrux. Also, I need a second one stored safely as a backup.</p><p>So I officially have two horcruxes. Destroy both and I can't log-in anywhere.</p><p><a href="https://mastodon.bsd.cafe/tags/fido" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido</span></a> <a href="https://mastodon.bsd.cafe/tags/u2f" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>u2f</span></a> <a href="https://mastodon.bsd.cafe/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://mastodon.bsd.cafe/tags/NetBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetBSD</span></a> <a href="https://mastodon.bsd.cafe/tags/arch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>arch</span></a> <a href="https://mastodon.bsd.cafe/tags/keepass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>keepass</span></a> <a href="https://mastodon.bsd.cafe/tags/password" class="mention hashtag" 
rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> <a href="https://mastodon.bsd.cafe/tags/horcrux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>horcrux</span></a></p>
Varbin :arctic_fox: :gay_furr:<p>Do you use your Flipper Zero as a second factor?</p><p>The Flipper Zero can be used as a U2F device (like a Yubikey) to provide a second factor for various online services (e.g. Google, Github). I might want to look into it, and you can help me determine how many people are using it.</p><p><a href="https://infosec.exchange/tags/FlipperZero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FlipperZero</span></a> <a href="https://infosec.exchange/tags/u2f" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>u2f</span></a> <a href="https://infosec.exchange/tags/webauthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webauthn</span></a> <a href="https://infosec.exchange/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkey</span></a></p>
Kayla Eilhart (en)<p>For the last few months, I had a strange issue with my Fedora 40 installation which was driving me mad.<br><br>When I had the computer running for some time, I couldn't use more than one browser, because the other couldn't even start or couldn't load websites. It was happening with Firefox and any other Chromium-based browser. It was unpredictable and nothing conclusive was visible in the logs and strace just showed it was waiting for something I had a hard time identifying.<br><br>Then I installed Fedora 41 on a laptop and it started to happen immediately there - not just after some time, immediately!<br><br>I took the laptop out from USB-C display to look at it in another room and it stopped.<br><br>Then I vaguely remembered I put a U2F key to my screen's USB hub for convenience of use and the issues started some time after that.<br><br>Yep. It was the key. When it's connected through the USB hub in my screen, the browsers somehow "battle" for it 🤦‍♀️ It's a normal USB-A U2F key by IDEM. 
Never heard about such issues, and the key is working normally when connected to the computer directly.<br><br><a href="https://gts.eilhart.cz/tags/justlinuxfun" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>JustLinuxFun</span></a> <a href="https://gts.eilhart.cz/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://gts.eilhart.cz/tags/u2f" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>U2F</span></a> <a href="https://gts.eilhart.cz/tags/fido" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FIDO</span></a> <a href="https://gts.eilhart.cz/tags/chromium" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Chromium</span></a> <a href="https://gts.eilhart.cz/tags/firefox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Firefox</span></a> <a href="https://gts.eilhart.cz/tags/usb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>usb</span></a></p>
release_candidate<p>After some pam configs, I can use the USB keys to authenticate `login` and `doas` instead of password.</p><p><a href="https://mastodon.bsd.cafe/tags/u2f" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>u2f</span></a> <a href="https://mastodon.bsd.cafe/tags/pam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pam</span></a> <a href="https://mastodon.bsd.cafe/tags/fido" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido</span></a> <a href="https://mastodon.bsd.cafe/tags/fido2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido2</span></a> <a href="https://mastodon.bsd.cafe/tags/NetBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetBSD</span></a></p>
release_candidate<p>I've just used one of these to log in here!</p><p>I just installed security/libfido2 from <a href="https://mastodon.bsd.cafe/tags/pkgsrc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pkgsrc</span></a> and restarted Firefox.</p><p>I was mentally prepared for a lot of troubleshooting that never happened lol</p><p><a href="https://mastodon.bsd.cafe/tags/NetBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetBSD</span></a> <a href="https://mastodon.bsd.cafe/tags/fido" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido</span></a> <a href="https://mastodon.bsd.cafe/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkeys</span></a> <a href="https://mastodon.bsd.cafe/tags/u2f" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>u2f</span></a> <a href="https://mastodon.bsd.cafe/tags/libfido2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>libfido2</span></a></p>
Mad A. Argon :qurio:<p>Good news - my <a href="https://is-a.cat/tags/bank" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bank</span></a> started <a href="https://is-a.cat/tags/U2F" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>U2F</span></a> support on their website. <br>Bad news - it is possible to add only one key...</p><p>Polish services and their <a href="https://is-a.cat/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> implementations... :blobfoxannoyed: </p><p><a href="https://is-a.cat/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2FA</span></a></p>
🙃 ɐıunp zsɐɯoʇ<p><span class="h-card" translate="no"><a href="https://mastodon.social/@jerryd" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jerryd</span></a></span> that's why you always buy two such keys and make twins out of them, one of which you keep with you and the other in a safe place as a backup. An iPhone wouldn't be a good <a href="https://infosec.exchange/tags/U2F" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>U2F</span></a></p>
🙃 ɐıunp zsɐɯoʇ<p>CyberHell has frozen over! <a href="https://infosec.exchange/tags/PKO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PKO</span></a> BP has introduced support for <a href="https://infosec.exchange/tags/Yubikey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Yubikey</span></a> keys! 🤯 <a href="https://infosec.exchange/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2FA</span></a> <a href="https://infosec.exchange/tags/U2F" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>U2F</span></a><br>Could the banking sector finally be entering the 21st century?! Only recently I received a message from another bank that the account password cannot be longer than 16 characters…</p>
Charles U. Farley<p>For some reason I've so far been completely unable to use my <a href="https://retro.social/tags/SoloKey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SoloKey</span></a> over NFC on my phone (<a href="https://retro.social/tags/Pixel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pixel</span></a> 8 Pro running <a href="https://retro.social/tags/GrapheneOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GrapheneOS</span></a>). The YubiKey NEO works fine for <a href="https://retro.social/tags/U2F" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>U2F</span></a> if I have <a href="https://retro.social/tags/Bitwarden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bitwarden</span></a> autofill disabled, but scanning the SoloKey always just brings up the SoloKey web page. Doesn't work for <a href="https://retro.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkeys</span></a> either.</p><p>The SoloKey also only works for U2F on my laptop, because I use LibreWolf, and Mozilla is too busy wasting their time on AI to implement security features like PRF.</p>
Tuta<p>On Friday the 13th don't let your online accounts fall into the wrong hands 🥷🥷</p><p>The Tuta Team recommends 👇👇👇</p><p>🔐 Protecting your email with end-to-end encryption: <a href="https://tuta.com/secure-email" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">tuta.com/secure-email</span><span class="invisible"></span></a></p><p>🔑 Using extra login protections like a U2F device: <a href="https://tuta.com/blog/why-u2f-is-important" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tuta.com/blog/why-u2f-is-impor</span><span class="invisible">tant</span></a></p><p>🔐 Keep your passwords safe in a password manager: <a href="https://tuta.com/blog/best-password-manager" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tuta.com/blog/best-password-ma</span><span class="invisible">nager</span></a></p><p><a href="https://mastodon.social/tags/Friday13th" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Friday13th</span></a> <a href="https://mastodon.social/tags/Protection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Protection</span></a> <a href="https://mastodon.social/tags/OnlineSafety" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OnlineSafety</span></a> <a href="https://mastodon.social/tags/TutaMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TutaMail</span></a> <a href="https://mastodon.social/tags/U2F" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>U2F</span></a> <a href="https://mastodon.social/tags/PasswordManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasswordManager</span></a> <a 
href="https://mastodon.social/tags/Encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Encryption</span></a></p>
stv0g<p>I updated my crowd-sourced list of <a href="https://chaos.social/tags/openpgp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openpgp</span></a>, <a href="https://chaos.social/tags/fido" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fido</span></a>, <a href="https://chaos.social/tags/u2f" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>u2f</span></a> and <a href="https://chaos.social/tags/piv" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>piv</span></a>, <a href="https://chaos.social/tags/pki" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pki</span></a> security tokens:</p><p><a href="https://l.0l.de/tokens" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">l.0l.de/tokens</span><span class="invisible"></span></a></p><p>Feel free to have a look if you are in the market for a new security token :-) Contributions and feedback are highly welcome :)</p>
Claudius Link<p>I'm looking for a good overview/comparison of different <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MFA</span></a>/#2FA or <a href="https://infosec.exchange/tags/PasswordLess" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasswordLess</span></a> authentication protocols. </p><p>The recent <a href="https://infosec.exchange/tags/Fido2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fido2</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a> risk made me aware that I need to learn more.</p><p>Pointers and <a href="https://infosec.exchange/tags/BoostWelcome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BoostWelcome</span></a> </p><p><a href="https://infosec.exchange/tags/fedipower" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fedipower</span></a> <a href="https://infosec.exchange/tags/wisdomOfTheCrowd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>wisdomOfTheCrowd</span></a> <a href="https://infosec.exchange/tags/FollowerPower" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FollowerPower</span></a></p><p>As the best way to get an answer on the internet, is to state something wrong, let's try this 😜 </p><p><a href="https://infosec.exchange/tags/FIDO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FIDO</span></a> and FIDO2 are actually a whole set of (related?) 
protocols.<br>FIDO includes FIDO <a href="https://infosec.exchange/tags/UAF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UAF</span></a> (Universal Authentication Framework) and FIDO <a href="https://infosec.exchange/tags/U2F" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>U2F</span></a> (Universal Second Factor).</p><p>FIDO2 is the "successor" of FIDO and consists of two parts.<br><a href="https://infosec.exchange/tags/WebAuthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebAuthn</span></a> and <a href="https://infosec.exchange/tags/CTAP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CTAP</span></a> (Client to Authenticator Protocol). From the name I would guess that WebAuthn is for web stuff (requiring browser support) and CTAP is for IT infrastructure stuff (???)</p><p><a href="https://infosec.exchange/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkey</span></a> is based on <a href="https://infosec.exchange/tags/Fido2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fido2</span></a><br>Other related concepts or protocols are <a href="https://infosec.exchange/tags/OTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTP</span></a> (one-time passwords), <a href="https://infosec.exchange/tags/TOTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TOTP</span></a> (Time-based One-time Password) and <a href="https://infosec.exchange/tags/HOTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HOTP</span></a> (“H” in HOTP stands for Hash-based Message Authentication Code (HMAC))</p><p>Not sure how <a href="https://infosec.exchange/tags/SmartCards" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>SmartCards</span></a> play into this.</p><p>And not sure which of these methods would work for an offline authentication login into your laptop (and ideally also as key for whole disk encryption)</p>
Martin Schmitt<p>TIL (via <span class="h-card" translate="no"><a href="https://chaos.social/@tsia_" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>tsia_</span></a></span>), <a href="https://mastodon.online/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a> has thrown <a href="https://mastodon.online/tags/U2F" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>U2F</span></a> under the <a href="https://mastodon.online/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkey</span></a> train. Choo choo. 🚂🛎️</p>
Michael Downey 🧢<p><a href="https://floss.social/tags/FIDO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FIDO</span></a> <a href="https://floss.social/tags/U2F" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>U2F</span></a> <a href="https://floss.social/tags/WebAuthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebAuthn</span></a> support in <a href="https://floss.social/tags/Flatpak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Flatpak</span></a> when? 🙏 </p><p><a href="https://github.com/flatpak/xdg-desktop-portal/issues/989" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/flatpak/xdg-desktop</span><span class="invisible">-portal/issues/989</span></a></p>
scy<p>TIL: The <a href="https://chaos.social/tags/YubiKey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>YubiKey</span></a> 5 supports setting a PIN for additional <a href="https://chaos.social/tags/U2F" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>U2F</span></a> security&nbsp;– but only the FIPS models, not the normal ones, and only in FIPS Level&nbsp;1; in Level&nbsp;2 U2F is forbidden entirely and only FIDO2 can be used.</p>
scy<p>Today I finally sat down to learn how <a href="https://chaos.social/tags/FIDO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FIDO</span></a> <a href="https://chaos.social/tags/U2F" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>U2F</span></a> keys support an "unlimited" number of websites on a single token, without compromising privacy, and without running out of memory on the token.</p><p>Reusing the same public/private keypair would allow websites to track tokens. So, the token generates a new keypair on each registration. But where is it stored?</p><p>With the website! The token encrypts the private key with a token-specific secret and receives it back from the website on each login request.</p>
Karl Voit :emacs: :orgmode:<p>Update:<br>Tips on password security<br><a href="https://karl-voit.at/2023/03/05/Passwortsicherheit/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">karl-voit.at/2023/03/05/Passwo</span><span class="invisible">rtsicherheit/</span></a></p><p>With a current link to the leak of security <a href="https://graz.social/tags/SMS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SMS</span></a> messages from <a href="https://graz.social/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Google</span></a>, <a href="https://graz.social/tags/WhatsApp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WhatsApp</span></a> and <a href="https://graz.social/tags/Facebook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Facebook</span></a>.</p><p>TL;DR:<br>1. <a href="https://graz.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FIDO2</span></a> with a physical USB token - by far the best at present!<br>2. <a href="https://graz.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a> (provided you trust the service blindly)<br>3. <a href="https://graz.social/tags/TOTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TOTP</span></a><br>4. Proprietary <a href="https://graz.social/tags/Authenticator" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticator</span></a> app<br>5. 
One-time codes via SMS or e-mail</p><p><a href="https://graz.social/tags/publicvoit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>publicvoit</span></a> <a href="https://graz.social/tags/Passw%C3%B6rter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passwörter</span></a> <a href="https://graz.social/tags/Sicherheit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sicherheit</span></a> <a href="https://graz.social/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2FA</span></a> <a href="https://graz.social/tags/U2F" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>U2F</span></a></p>