34
Passkey Redaction Attacks Subvert GitHub, Microsoft Authentication
(www.darkreading.com)
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
Community Rules
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
Okay, so it's just like Yubikey-type stuff? I've thought about that before but it seems very risky - they recommend you get two and set both of them up so you have a backup, but that would require all websites to support that, right?
I'm down for using BitWarden, though, if I can substitute it for physical keys.
Pretty much. I suppose that's a very real disadvantage to using physical passkeys. If you lose it, unless you have multiple passkeys configured, or have access to an account recovery method, you lose that account.
But, like you mentioned, using Bitwarden would sidestep that issue, and they do support passkey emulation.