Readit News
treesgrowslow commented on Passkeys – Under the Hood   research.kudelskisecurity... · Posted by u/paulgerhardt
treesgrowslow · a year ago
Let me add an operations and service delivery perspective. Our company relies solely on Passkeys for sign-in. The experience is both insanely good yet annoying.

A colleague summarized our latest Passkey issues showing the ecosystem remains fragile for enterprises:

Fragile Passkey Ecosystem for Enterprises https://news.ycombinator.com/item?id=39742107

treesgrowslow commented on Fragile Passkey Ecosystem for Enterprises   denniskniep.github.io/pos... · Posted by u/treesgrowslow
treesgrowslow · a year ago
Companies rely solely on Passkeys for authentication. Issues and breaking changes within the Passkey ecosystem can prevent users from signing in. We kindly request all contributors to the Passkey ecosystem to be mindful of their responsibilities and act carefully.
treesgrowslow commented on Phishing-Resistant MFA for Apps Without WebAuthn-Support (Fido). Enjoy   denniskniep.github.io/pos... · Posted by u/treesgrowslow
treesgrowslow · 3 years ago
We developed FIDO MFA via Standard Browser for applications without WebAuthn Support.

Only if we enforce FIDO-only MFA and block legacy authentication via SMS, Call and Authenticator App are we truly phishing-resistant.

WebAuthn is a requirement, but not always available. Some legacy Apps use WebViews without WebAuthn support.

Detached FIDO Authentication is the answer.

We are looking forward to your feedback and hopefully improvement ideas.

u/treesgrowslow

Karma: 1 · Cake day: December 1, 2022