
#passkeys


New Open-Source Tool Spotlight 🚨🚨🚨

Pocket ID is an OIDC provider simplifying authentication with passkeys. No passwords. Think secure logins using Yubikeys or biometrics. Lightweight compared to Keycloak or Hydra and ideal for focused use cases. Built for Docker setups. #Passkeys #OIDC

🔗 Project link on #GitHub 👉 github.com/pocket-id/pocket-id

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Continued thread

True story,
- Log into browser with IdP
- Get logged out of IdP
- Log back into IdP
- Click something in the browser's popover and now your browser has a passkey to the IdP
- Get logged out of browser and IdP
- Get locked out because you need to log into the browser to log into the IdP to log into the browser to log into the IdP to...

How can this failure mode exist?

Where do we even start to communicate this to users in a good way?

/rant

#Passkeys are pretty cool, but the shotgun approach to implementation is horrendous.

It really grinds my gears that every browser, password manager++ tries to swoop in and steal that user flow.

Suddenly you've created and added passkeys to services without your intention, not knowing what key is used, which service has it or whether it's bound to hardware or roaming. It could be in the cloud for all you know.

I'm struggling to keep track, and I work with this every day...

Replied in thread

The path to reliable phishing protection is unclear and difficult. One step is moving away from passwords that we humans have to remember and can therefore also end up entering in the wrong place, e.g. via #PassKeys.

But senders of "good" emails could also set these apart from phishing more clearly. For example, by always sending only from their own, well-known domain and having call-to-action links point only to their own domain.

More here:
dnip.ch/2025/05/28/schweizerde

Das Netz ist politisch · Swiss German is trending, in phishing too

I love #PocketID, a lightweight #selfhosted #OIDC using only #Passkey.

After using it for several months with an LXC installation using Proxmox Helper Scripts, I noticed that the service runs as root. I also learned that a VM installation is more secure than an LXC. This article will guide you through installing Pocket-ID as a non-root service on Debian. Additionally, there's an upgrade script included.

#Proxmox #debian #selfhosting #homelab #openID #passkeys #SSO

lucasjanin.com/2025/06/02/pock

Handle MFA like a pro so you don’t get locked out or let the bad guys in

Why you should use MFA, what about passkeys, what kind of MFA to use, how to make it easier to use, and how to protect yourself against being locked out of an account because of MFA.
#infosec #MFA #passwordManager #passkeys
blog.kamens.us/2025/05/06/hand

Something better to do · Handle MFA like a pro so you don’t get locked out or let the bad guys in

Samsung's clipboard #security flaw exposes all copied content, including passwords, as plain text indefinitely.

Users are advised to avoid using the clipboard for sensitive #information until a fix is implemented.

#Samsung moderators acknowledge the issue and are considering enhancements for future updates.

For now, consider using #passkeys for secure authentication.

Stay vigilant.

tomsguide.com/computing/online

Tom's Guide · Samsung phone security flaw leaves passwords exposed — protect yourself now · By Amber Bouman

When using #passkeys I experience one of these 3 behaviors:

1. Immediately logged in (even if #MFA is enabled)
2. I’m prompted for an MFA token
3. I’m only asked for my passkey after I’ve entered some amount of other information. Possibly just an email or phone number or sometimes my full login/password where the passkey is acting as an MFA token.

Would be nice if this was consistent. Feels like rolling UX dice every time.