eupolicy.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.1
@technotenshi #Passkeys are not prone to #phishing according to my understanding of:
https://arxiv.org/abs/2501.07380
The paper describes that it's possible to fool Passkey owners to transfer their #Passkey to attackers: "Another concern could be social engineering, where a user is tricked into sharing a passkey with an account controlled by an attacker."
However, the authors disagree with my interpretation.
The only really secure method is hardware #FIDO2 tokens where the secrets can't leave the device.
@0xF21D Any more reason to switch to FIDO2 with hardware tokens or #Passkeys.
The latter only if you trust the service providers and if you don't need protection against phishing. With Passkeys and their optional delegation feature you can be tricked into transferring to a hacker.
With a #FIDO2 hardware token, you're really safe.
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLogin