#Tag · bonfire.cafe

Sounds doable. Oh snag! The interface does not allow me to pick a passkey like the Help sections show.

Apparently Passkeys are not supported anymore!?

I have quit a high-tolerance for bureaucracy, opaque rules & stupid systems, but I'm not going to waste anymore time on this for now. I just wanted to discuss a possible bug 😩

Please @EC_OSPO @EC_DIGIT or whoever, fix this horrible system & enable participation by the wider opensource community.

CC @bert_hubert @rriemann

#OpenSource #Tech

Benedikt Wi

@benedikt@ruhr.social replied · last week

@BjornW @EC_OSPO @EC_DIGIT @bert_hubert @rriemann After login in with a password, I was able to setup a #nitrokey at https://ecas.ec.europa.eu/cas/userdata/webauthn/manageMyWebAuthnDevices.cgi (if you prefer some software solution: #bitwarden / #vaultwarden also works) #webauthn #passkey

EU Login

Daniel Appelquist boosted

W3C Developers

@w3cdevs@w3c.social · 4 weeks ago

Web Authentication defines an #API for creating and using securely and smoothly public key-based credentials in Web #browsers.
This 3rd level adds client features that make passkeys easier to use and help transition from passwords via conditional mediation (learn more at https://passkeys.dev). It also enables cross-origin iframe support for use cases like federated identity and payments #WebAuthn

▶️ https://www.w3.org/TR/webauthn-3 #timetoimplement

Feedback wlc: https://github.com/w3c/webauthn/issues

Web Authentication: An API for accessing Public Key Credentials - Level 3

W3C Developers

@w3cdevs@w3c.social · 4 weeks ago

▶️ https://www.w3.org/TR/webauthn-3 #timetoimplement

Feedback wlc: https://github.com/w3c/webauthn/issues

Web Authentication: An API for accessing Public Key Credentials - Level 3

hexa-

@hexa@chaos.social · 2 months ago

#Gandi just "upgraded" me from U2F to E-Mail MFA.

U2F binding was removed. E-Mail MFA was put in place instead.

No advanced warning, no migration period.

Would have gladly upgraded that to #Webauthn had they asked.

Strong signal that the "no bullshit" policy is no more.

E-Mail from Gandi Support:

Dear user,

Gandi is evolving, and so is its security!

Security keys now use a new protocol. Keys registered before September
10, 2019, are no longer compatible and have been deactivated.

Therefore, we have removed your security keys: yubikey from your account.

To maintain a satisfactory level of security, we have enabled MFA via email
for your account.

However, you can re-register them in your administration console, in the
ACCOUNT application.

Please feel free to contact us if needed.

Sincerely,
The Gandi Team — E-Mail from Gandi Support: Dear user, Gandi is evolving, and so is its security! Security keys now use a new protocol. Keys registered before September 10, 2019, are no longer compatible and have been deactivated. Therefore, we have removed your security keys: yubikey from your account. To maintain a satisfactory level of security, we have enabled MFA via email for your account. However, you can re-register them in your administration console, in the ACCOUNT application. Please feel free to contact us if needed. Sincerely, The Gandi Team

Lucas Garron boosted

Matthew Miller :donor:

@iamkale@infosec.exchange · 5 months ago

The FIDO Alliance put out an official statement in response to recent security research reports and conference talks that misrepresent endpoint compromise as "passkey vulnerabilities" 🔥

https://fidoalliance.org/passkeys-are-not-broken-the-conversation-about-them-often-is/

#passkeys #webauthn

Matthew Miller :donor:

@iamkale@infosec.exchange · 5 months ago

The FIDO Alliance put out an official statement in response to recent security research reports and conference talks that misrepresent endpoint compromise as "passkey vulnerabilities" 🔥

https://fidoalliance.org/passkeys-are-not-broken-the-conversation-about-them-often-is/

#passkeys #webauthn