Cliff<p>Not really surprised to see this. </p><p>Microsoft Authenticator is ending support for passwords.</p><p><a href="https://www.theverge.com/news/695288/microsoft-authenticator-autofill-store-passwords" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theverge.com/news/695288/micro</span><span class="invisible">soft-authenticator-autofill-store-passwords</span></a></p><p><a href="https://infosec.exchange/tags/MS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MS</span></a> <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://infosec.exchange/tags/Authenticator" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticator</span></a> <a href="https://infosec.exchange/tags/Password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Password</span></a> <a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a> <a href="https://infosec.exchange/tags/Apps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apps</span></a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://infosec.exchange/tags/Tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tech</span></a> <a href="https://infosec.exchange/tags/TechNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechNews</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.
Administered by:
Server stats:
225active users
eupolicy.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.8
#Passkeys
0 posts · 0 participants · 0 posts today
Andrew France<p>It may be a link to the Orange Website (sorry) but it's reassuring to see people are cottoning on to the fact that <a href="https://social.vivaldi.net/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkeys</span></a> are a terrible solution for users: <a href="https://news.ycombinator.com/item?id=44426985" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">news.ycombinator.com/item?id=4</span><span class="invisible">4426985</span></a></p>
Ian Brown 👨🏻💻<p>As requested from several directions, I updated my expert profile on the EU's experts website, since <a class="mention" href="https://bsky.app/profile/ec.europa.eu" rel="nofollow noopener noreferrer" target="_blank">@ec.europa.eu</a> is looking for more reviewers. But as usual, the horror of the EC's own login system (WHY!) struck again (<a class="hashtag" rel="nofollow noopener noreferrer" href="https://bsky.app/search?q=%23ECAS" target="_blank">#ECAS</a>).
WHY DOESN'T IT USE STANDARD WEB TECHNOLOGIES LIKE <a class="hashtag" rel="nofollow noopener noreferrer" href="https://bsky.app/search?q=%23PASSKEYS" target="_blank">#PASSKEYS</a>!!</p>
Ian Brown 👨🏻💻<p>As requested from several directions, I tried to update my expert profile on the EU's experts website, since <span class="h-card" translate="no"><a href="https://social.ngi.eu/@ngi" class="u-url mention">@<span>ngi</span></a></span> is looking for more reviewers. But as usual, the horror of the EC's own login system (WHY!) struck again (<a href="https://eupolicy.social/tags/ECAS" class="mention hashtag" rel="tag">#<span>ECAS</span></a>).</p><p>WHY DOESN'T IT USE STANDARD WEB TECHNOLOGIES LIKE <a href="https://eupolicy.social/tags/PASSKEYS" class="mention hashtag" rel="tag">#<span>PASSKEYS</span></a>!!</p><p>I STILL CAN'T ACTIVATE 2FA AND I HAVE THE EU LOGIN APP SET UP ON MY IPHONE!</p><p>GAAAAAAAAAAAAAH! 🤯</p>
Erik van Straten<p><span class="h-card" translate="no"><a href="https://sigmoid.social/@oliversampson" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>oliversampson</span></a></span> <span class="h-card" translate="no"><a href="https://cathode.church/@kaye" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>kaye</span></a></span> </p><p>Primary passkeys advantage:<br>• With some uncommon exceptions, you cannot (be persuaded to) log in to a phishing website with a (slightly) different domain name *USING A PASSKEY* (see below) - because software (not you) checks the domain name.</p><p>Some passkeys disadvantages:<br>• Typically you yourself do not have access to each passkey's private key (*)(usually you can't back them up/export them). Risks: vendor lock-in and losing access to accounts.</p><p>• Because there's a risk of losing access to passkeys and thus to accounts, usually accounts can also be accessed using a rescue code - which renders them phishable again.</p><p>• Implementation errors (both Apple and Android suffered from them, and probably still do - I did not check today).</p><p>(*) For each new passkey, your device generates a unique complementary keypair. The public key is stored in your account on the server and is used to verify that your device has access to the complementary private key, which is kept secret. However, even if attackers do not have access to your private key(s), there are other ways for them to obtain access your account(s).</p><p>A reasonable alternative to passkeys is using a password manager that "integrates" with the browser to verify the domain name of the site you're logging in to. Android and iOS "Autofill" provide such a bridge between password managers and browsers (without requiring browser plug-ins).</p><p><a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a> <a href="https://infosec.exchange/tags/PasswordManagers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasswordManagers</span></a> <a href="https://infosec.exchange/tags/DomainNames" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DomainNames</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> <a href="https://infosec.exchange/tags/AitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AitM</span></a> <a href="https://infosec.exchange/tags/MitM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MitM</span></a></p>
Karl Voit :emacs: :orgmode:<p><span class="h-card" translate="no"><a href="https://social.bund.de/@bsi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bsi</span></a></span> Nitpicking: gerade bei <a href="https://graz.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a> besteht die Möglichkeit, über die Cloud auch anderen Personen Zugriff zu geben. Daher muss man mit Passkeys genau aufpassen, wem man hier Rechte eingeräumt hat.</p><p>Daher sind Passkeys auch in solchen Fällen leider anfällig auf <a href="https://graz.social/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> (Angreifer gibt vor, Freund zu sein).</p><p>Aber immer noch besser als fast alle anderen Authentifizierungsmethoden. 👍 Nur HW-Tokens mit <a href="https://graz.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FIDO2</span></a> sind besser, da sie die privaten Keys nicht auslesbar speichern.</p>
Oliver Sampson<p><span class="h-card" translate="no"><a href="https://cathode.church/@kaye" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>kaye</span></a></span> I completely agree and instinctively refused using <a href="https://sigmoid.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkeys</span></a> without even thinking why.</p>
Karsten Schmidt<p><span class="h-card" translate="no"><a href="https://mastodon.gamedev.place/@jonikorpi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jonikorpi</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.gamedev.place/@aeva" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>aeva</span></a></span> There are quite a few well documented usability and vendor/platform lock-in issues with <a href="https://mastodon.thi.ng/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkeys</span></a> though, some not immediately obvious to most users. I too still remain unconvinced they're an improvement over using a x-platform password manager...</p><p><a href="https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2024/</span><span class="invisible">12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/</span></a></p><p><a href="https://proton.me/blog/big-tech-passkey" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">proton.me/blog/big-tech-passke</span><span class="invisible">y</span></a></p>
Seth G.<p><span class="h-card" translate="no"><a href="https://mastodon.social/@protonprivacy" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>protonprivacy</span></a></span> 's <a href="https://chaos.social/tags/ProtonPass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProtonPass</span></a> is the only European cross-platform <a href="https://chaos.social/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkey</span></a> manager I've found, and I love it. </p><p><a href="https://chaos.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkeys</span></a> <a href="https://chaos.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://chaos.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://chaos.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://chaos.social/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a></p>
Zeroday Podcast (sven)<p>Wie kann ich denn <a href="https://chaos.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a> zwischen <a href="https://chaos.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a>, <a href="https://chaos.social/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a>, <a href="https://chaos.social/tags/iOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iOS</span></a> und <a href="https://chaos.social/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> synchronisieren? Ich habe <a href="https://chaos.social/tags/Keepass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Keepass</span></a> und <a href="https://chaos.social/tags/Nextcloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Nextcloud</span></a> im Einsatz auf allen Systemen, falls das hilft. Hat irgendwer eine Idee? Ohne machen die für mich keinen Sinn.</p>
WinFuture.de<p>Mit der neuesten <a href="https://mastodon.social/tags/Windows11" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows11</span></a>-<a href="https://mastodon.social/tags/Vorschau" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vorschau</span></a> trägt zum ersten Mal ein Build offiziell die Versionsbezeichnung <a href="https://mastodon.social/tags/25H2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>25H2</span></a>. Das <a href="https://mastodon.social/tags/Update" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Update</span></a> bringt unter anderem verbesserte Unterstützung von <a href="https://mastodon.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a> und behebt einige Fehler. <a href="https://winfuture.de/news,151886.html?utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">winfuture.de/news,151886.html?</span><span class="invisible">utm_source=Mastodon&utm_medium=ManualStatus&utm_campaign=SocialMedia</span></a></p>
Karl Voit :emacs: :orgmode:<p><span class="h-card" translate="no"><a href="https://social.bund.de/@bsi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bsi</span></a></span> Sorry, starke Passwörter mit 2FA oder <a href="https://graz.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a> helfen leider nicht prinzipiell gegen Phishing.</p><p>Gerade bei der Methode mittels Smartphones kann man seine Passkey-Geheimnisse in die Cloud als auch zu anderen Personen transferieren. Das ist der Knackpunkt. In Zukunft zielt <a href="https://graz.social/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> dann halt auf die Übermittlung der Geheimnisse zum Angreifer ab.</p><p> <a href="https://arxiv.org/abs/2501.07380" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">arxiv.org/abs/2501.07380</span><span class="invisible"></span></a> "Another concern could be social engineering, where a user is tricked into sharing a passkey with an account controlled by an attacker." -> Schutz nur bei ausschließlich "device-bound passkeys" in der "roaming-authenticator"-Variante = Hardware <a href="https://graz.social/tags/FIDO2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FIDO2</span></a> Tokens. Die sind aktuell det einzige Schutz gegen Phishing.</p><p>Aber alles ist besser als kein <a href="https://graz.social/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2FA</span></a>.</p>
BSI<p>Reality-Check zu Online-Kriminalität: Die Top 3 sind Betrug beim <a href="https://social.bund.de/tags/OnlineShopping" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OnlineShopping</span></a>, <a href="https://social.bund.de/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a> und Banking-Betrug. Was hilft? Starke Passwörter mit 2FA oder <a href="https://social.bund.de/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a>, kritisches Prüfen von Mails und unsere „Checklisten für den Ernstfall“. Kostenlos bei <a href="https://social.bund.de/tags/BSI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BSI</span></a> & <a href="https://social.bund.de/tags/ProPK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ProPK</span></a>: <a href="https://www.bsi.bund.de/dok/847940" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">bsi.bund.de/dok/847940</span><span class="invisible"></span></a></p>
Pachli<p><span class="h-card" translate="no"><a href="https://berlin.social/@hen" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>hen</span></a></span> That's why the protocol solution is better I think.</p><p>An alternative, that allows any app to pop up on any domain in a link the user clicks on would be a nightmare from a security / phishing / click jacking perspective.</p><p>I've got a sneaking suspicion (but need to look into it some more) that <a href="https://mastodon.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkeys</span></a> have a similar problem for third party clients.</p>
Zorz Studios<p>📰 Today's top stories, curated for you by Zorz Studios: <a href="http://zorz.it/newspaper" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">http://</span><span class="">zorz.it/newspaper</span><span class="invisible"></span></a></p><p><a href="https://mastodon.social/tags/ZonerStudio" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ZonerStudio</span></a>: a new name for a new era of <a href="https://mastodon.social/tags/ContentCreators" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ContentCreators</span></a>;<br>- <a href="https://mastodon.social/tags/Facebook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Facebook</span></a> unveils <a href="https://mastodon.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkeys</span></a>: simplifying sign-ins for <a href="https://mastodon.social/tags/SmallBusinesses" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SmallBusinesses</span></a>;<br>- A <a href="https://mastodon.social/tags/SummerWedding" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SummerWedding</span></a> in <a href="https://mastodon.social/tags/France" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>France</span></a> at Chateau De La Napoule;<br>- Jess Cartner-Morley on <a href="https://mastodon.social/tags/fashion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fashion</span></a>: finding the perfect <a href="https://mastodon.social/tags/SummerJacket" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SummerJacket</span></a>;<br>- 5 outstanding <a href="https://mastodon.social/tags/artworks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>artworks</span></a> at <a href="https://mastodon.social/tags/ListeArtFairBasel2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ListeArtFairBasel2025</span></a>, and more</p><p><a href="https://mastodon.social/tags/ZoracleDaily" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ZoracleDaily</span></a> <a href="https://mastodon.social/tags/newspaper" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>newspaper</span></a></p>
Politics Canada<p>Sixteen billion passwords may have been stolen. Here's how to protect yourself <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.social/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> <a href="https://mastodon.social/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkeys</span></a> <a href="https://mastodon.social/tags/technews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>technews</span></a> <br><a href="https://ca.finance.yahoo.com/news/sixteen-billion-passwords-may-stolen-171530688.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ca.finance.yahoo.com/news/sixt</span><span class="invisible">een-billion-passwords-may-stolen-171530688.html</span></a></p>
Marcel SIneM(S)US<p>Meta kündigt <a href="https://social.tchncs.de/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a> für <a href="https://social.tchncs.de/tags/Facebook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Facebook</span></a> an | Security <a href="https://www.heise.de/news/Meta-kuendigt-Passkeys-fuer-Facebook-an-10420720.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Meta-kuendigt-Pa</span><span class="invisible">sskeys-fuer-Facebook-an-10420720.html</span></a></p>
Francisco Villafáñez<p>Facebook ahora permite iniciar sesión con passkeys, eliminando la necesidad de contraseñas. Más seguridad, menos complicaciones. <a href="https://ift.tt/hI2gOZP" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">ift.tt/hI2gOZP</span><span class="invisible"></span></a> <a href="https://mastodon.social/tags/Facebook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Facebook</span></a> <a href="https://mastodon.social/tags/Ciberseguridad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ciberseguridad</span></a> <a href="https://mastodon.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a></p>
tekphloyd :neobread_laptop:<p>2026 is the year of <a href="https://social.lol/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkeys</span></a>! 🔑 🙌<br><a href="https://www.youtube.com/watch?v=mV68bUYVSL0" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=mV68bUYVSL</span><span class="invisible">0</span></a></p>
AppleX4<p>🔐 Facebook ya soporta Passkeys en iPhone y iPad. ¡Adiós contraseñas! Solo Face ID o Touch ID para iniciar sesión. Más seguro, más fácil y... por fin. 😎<br><a href="https://mastodon.social/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apple</span></a> <a href="https://mastodon.social/tags/Facebook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Facebook</span></a> <a href="https://mastodon.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload