Add Aliexpress & Premise Health (#70)
https://github.com/2factorauth/passkeys/commit/f3a65584002fde1d8bb52ebace91e43fa10f243b
passkeys
Achievement of the day: I just finished migrating my passkeys and 2FA secrets away from Google and Microsoft. I also removed Google Authenticator from all my devices.
Microsoft Authenticator is now down to a single device with a couple of entries from clients that won't provide alternatives.
I went with self-hosted Bitwarden + Aegis, but there are plenty of other great alternatives: Proton Pass, Ente Auth, etc. A big small step away from Big Tech.
RE: https://mastodon.online/@rakekniven/116144777953874962
The result tells me it's still a long way to go before #Passkeys are established. There are enthusiasts among you, but the majority do not use them.
Thank you for joining in. #keepassXC #nextcloud
Please, please, please stop using passkeys for encrypting user data · Timbits
"Passkeys are the future of authentication, but using them for data encryption is a disaster waiting to happen. Overloading these credentials creates a dangerous blast radius that can lead to the irreversible loss of a user's most sacred memories and documents."
Ich konnte mit der #FDroid App #Authnkey eine PIN auf meinen #solokeyV2 setzten. Damit lässt er sich nun auch endlich für #Passkeys nutzen.
Waffling between #Safari, #Firefox and #Edge (!) on my work #Mac now that #1Password is going away for me and I’ve migrated my secrets over to #KeePassXC.
I prefer Safari overall, but it doesn’t have a KeePassXC plugin, so I can’t use it for work related #PassKeys, which may or may not be a problem.
#Orion was on my shortlist for browsers but failed hard in Confluence and ServiceNow - both are necessary tools for me. I might revisit it with a different combination of extensions, but it didn’t work the way I wanted it to. Otherwise I love the idea of being able to use both Firefox and Chrome plugins in a WebKit browser.
Edge has the benefit (for work purposes) of being integrated with my Microsoft profile.
Firefox isn’t Chrome-based.
I’ll give them all a good test drive and then we’ll see where I end up.
Helpful advice and why #passkeys can’t happen fast enough.
Edited 36d ago
🚨𝗞𝗹𝗲𝗶𝗻𝗲𝗿 𝗥𝗲𝗺𝗶𝗻𝗱𝗲𝗿🪢😁
#ÄndereDeinPasswortTag am Sonntag, 01.02.2026!
🔐Regelmäßige Passwortwechsel erhöhen die Sicherheit nur begrenzt. Maßgeblich sind heute Länge & Entropie: Lange #Passphrasen aus mehreren Wörtern sind kurzen, komplexen Passwörtern überlegen – vorausgesetzt, die Wörter sind nicht naheliegend, nicht personenbezogen und ungewöhnlich kombiniert.
Empfehlung: #Passwortmanager, MFA & #Passkeys.
Infos zu unseren Sicherheits- & Vertrauensdiensten: https://www.dfn.de/dienste/security-trust-and-identity-services/
@dfncert
Edited 43d ago
Add plausible tracking script (#137)
https://github.com/bitwarden/passkeys-index/commit/0ad639e0cfd85cd616ec9e87a1246962cd67ba6b
#passkeys #fidokeys #passwords #threatmodel what is the actual difference #fido2 #yubikey
Thinking Differently About Passkeys New Threats Require a New Threat Model
🎉 Self-Hosted Human and Machine #Identity in #Keycloak 🎉
Our 26.4 release brings great updates with #passkeys and the latest security best practices for #OpenID Connect with #FAPI and DPoP.
Automatically roll out and rotate client credentials with #spiffe, #spire and #Kubernetes service account tokens.
Start your #sovereign journey and read all in our latest #cncf blog post:
https://www.cncf.io/blog/2025/11/07/self-hosted-human-and-machine-identities-in-keycloak-26-4/
#Keycloak 26.4 is out with a lot of new capabilities for your self-hosted #iam:
* #Passkeys
* Client Authentication to use #SPIFFE or #Kubernetes service account tokens
* Simplified deployments across multiple availability zones to boost availability.
* #FAPI 2 Final
* #DPoP: The OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP) is now fully supported.
Read more the full release announcement: https://www.keycloak.org/2025/09/keycloak-2640-released
Edited 164d ago
KeyConf #Amsterdam is happening tomorrow, and we're all looking forward to it for all things Keycloak!
We will discuss everything #identity, #passkeys, #security, and #openidconnect. If you can join us on-site to meet, discuss and connect, that's great. We still have a small number of tickets available, so please come!
We are also planning to have a #livestream on https://keyconf.dev/ (fingers crossed) with a live chat. So please reserve some time to join us!
Disappointed to see @bitwarden take a cavalier approach to security and rollback user verification for passkeys due to "user friction".
Not only that, but they'll proceed to lie about having done UV in the attestation instead of returning uv=false as they should.
This will just cause Bitwarden's AAGUID being banned on most major services, and hurt passkey adoption.
If a service requires UV, then authenticators MUST act responsibly and do UV.
Edited 1y ago
Well aren't #PassKeys a bunch of shit.
I'm unable to login to GitHub on my phone now as there is no integration between #1Password and #Firefox on my Android 14 device, or Chrome for that matter - it just seems to want to use the built-in support.
Apparently none of that works at the moment, so I guess I'll remove the keys from all those services I just added them to then.