It looks like everyone's favourite FIDO token provider might have an unpatchable vulnerability! Much Sturm und Drang from the usual sources. But how bad is it really? Not so bad - but it does expose some weaknesses in the very idea of having physical tokens. First up, as the research paper's abstract says: The attack […]
After my blog post about recovering my accounts after a disaster, I followed the most repeated advice:
- Get two YubiKeys
- Associate them both with your accounts
- Keep one off-site in a safe location
OK, done! My wife and I spent a very boring evening going through every single account we have which supports FIDO tokens […]
I found this on a security-related Slack (shared with permission). It launched an entertaining discussion about the risks of taking a potentially fake FIDO token. We all know the risks of taking a free USB drive and shoving it in our computer, right? USB sticks can install software, act as a keylogger, transmit data over […]
The FIDO specification defines a form of Universal 2nd Factor (U2F) when users log in to a system. Rather than relying on one-time codes sent via SMS, or displayed on a phone screen, these are physical hardware tokens which are used to supplement passwords. When used with websites, this technology is also known as WebAuthn. […]
Another day, another high-profile website cloned to phish credentials.
Tess Rinearson (@_tessr), 16:12 - Sat 16 January 2021: Is this a phishing attempt? Goes to "githubverification.com" and asks for username and pw (if so, it nearly got me!) /cc @github pic.x.com/jgt4onvjf2
In the replies, you’ll see lots of techbros saying “this is why you should […]