med-mastodon.com is one of the many independent Mastodon servers you can use to participate in the fediverse.
Medical community on Mastodon


#fido


I'm sure there is a simple, totally obvious reason (no trusted central authority problem?) but it seems kind of strange to me that the #Fediverse doesn't allow me to truly use a single login across services via some kind of #FIDO compliant magic, considering that almost everyone is an #infosec person and/or developer. Admittedly, I haven't thought about this too deeply. Also, where's passkey support? #saml #sso

What's up with #Fido Customer service?

For three days all I get is a message saying "extremely high call volumes" and get dumped. No way to schedule a call back

Chat is the same - all paths to humans lead to a dead end web site referral.

I can't reach a human by phone or via chat.

Rogers to charge their customers (including Fido) $3/month for 2G and 3G access. It will not apply if the phone connects to 4G or 5G. Network to shut down starting 31 July 2025.

mobilesyrup.com/2025/04/07/rog
- - -
Rogers will charge its customers (including Fido) $3/month for access to the 2G and 3G networks. This will not apply if the phone connects to 4G or 5G. The network will begin shutting down on 31 July 2025.

// Article in English //

MobileSyrup · Rogers, Fido slap $3 fee on 3G users starting next month
Starting in May, Rogers and Fido customers who use the company's 2G and 3G networks will have to pay a

@TechConnectify Thank you so much for this video. I just watched it and it rings *every* bell. Mastodon is the only social network where I'm "active", apart from that I use #RSS feeds that I picked very well. I try to use my own brain.
It was such a pleasure to listen to you, especially in times like these. Thank you once more.
(But I miss good, ancient #FIDO-net, I must admit)

People who use hardware security keys: Storing them in geographically diverse locations is a wise move but makes it impossible to quickly onboard. How do you keep track of where you’ve registered each key? A checklist in a spreadsheet is obvious but cumbersome. Is there a better way? (Yes I use passkeys extensively but for certain services like email, iCloud, and my password manager, a hardware option is desirable if not mandatory.) #YubiKey #YubiKeys #FIDO #FIDO2 #FIDOKey #FIDOKeys #Security


@sarahjamielewis I would like to hear answers to that question as well. I have not tried it myself, but I'm considering #Keycloak for something like that.

I would also suggest the hashtags #passkey #webauthn and #fido to gather the attention of the right people?

If you're ready to learn the technical details, then there is a Tour of WebAuthn here: imperialviolet.org/tourofwebau

www.imperialviolet.org · A Tour of WebAuthn

So, it has been like three months using FIDO/U2F keys instead of passwords. Both in my NetBSD and Arch systems.

I use a "medium" quality password to decrypt the filesystems and another one to decrypt the password manager. And that's it.

No password to log in, to unlock screen, to run doas/sudo, etc. Just this little penguin and press its button.

Also, I'm using this as 2FA for all websites that support it. Lemmy doesn't. It's the only place where I don't use it, yet.

Because U2F uses the domain name, this is a strong protection against phishing. A similar domain may trick my eyes, but not the key.

I'm very bad at memorizing passwords, and worse at typing them. Unlocking the screen without typing my password like 3 times is a blessing.

The problems: if my laptop is decrypted anybody with this penguin is root. It's kinda my Horcrux. Also, I need a second one stored safely as a backup.

So I officially have two horcruxes. Destroy both and I can't log in anywhere.

#fido #u2f #infosec
Replied to Rob Carlson :ally: :BLM:

@vees I guess one reason is that if you have n passkeys, it takes one export/import operation to migrate from one passkey manager to another (yes, leaving passkeys in the legacy location), and it takes n operations to generate new passkeys (and requires n successful connections at a given time so definitely more prone to errors)
#fido #Passkeys

The #FIDO Alliance is working on the Credential Exchange Protocol to make #Passkeys more portable or exportable, but why? Passkeys can and should be disposable. Your export path from one passkey manager to another should be the list of all the providers you need to generate. It's not like they take more than milliseconds to generate, and why set yourself up for a situation where valid keys are in multiple legacy locations?

I ordered two FIDO2 USB keys.

I want to know how (in)convenient they are.

If I can use them, I will have KeepassXC with passwords only, and a separate second factor.

Plus, this second factor won't be as attractive as smartphones to thieves. So, fewer chances to lose it.

I've read that a good strategy is to have a USB key for everyday use, and a second one stored in a safe place as a backup, just in case the primary one is lost or damaged.

If I understood correctly what I've read, they will be compatible with NetBSD. One can only hope xD

#fido #keepass #2fa