Apple, Google & Microsoft want to kill the password with Passkey standard

Path: i2pn2.org!i2pn.org!paganini.bofh.team!not-for-mail
From: newskr...@krawl.org (NewsKrawler)
Newsgroups: comp.sys.mac.system
Subject: Apple, Google & Microsoft want to kill the password with Passkey standard
Date: Thu, 5 May 2022 23:44:44 -0000 (UTC)
Organization: To protect and to server
Message-ID: <t51nhb$3o32n$1@paganini.bofh.team>
Injection-Date: Thu, 5 May 2022 23:44:44 -0000 (UTC)
Injection-Info: paganini.bofh.team; logging-data="3935319"; posting-host="Dj+cCDj8UalGBjrWyMkOzw.user.paganini.bofh.team"; mail-complaints-to="usenet@bofh.team";
X-Notice: Filtered by postfilter v. 0.9.1
 by: NewsKrawler - Thu, 5 May 2022 23:44 UTC

https://arstechnica.com/gadgets/2022/05/apple-google-and-microsoft-want-bluetooth-proximity-to-replace-the-password/
Apple, Google & Microsoft want to kill the password with Passkey standard

Apple, Google, and Microsoft are launching a "joint effort" to kill the
password.

The major OS vendors want to "expand support for a common passwordless
sign-in standard created by the FIDO Alliance and the World Wide Web
Consortium."

The standard is being called either a "multi-device FIDO credential" or
just a "passkey."

Instead of a long string of characters, this new scheme would have the app
or website you're logging in to push a request to your phone for
authentication. From there, you'd need to unlock the phone, authenticate
with some kind of pin or biometric, and then you're on your way.

This sounds like a familiar system for anyone with phone-based two-factor
authentication set up, but this is a replacement for the password rather
than an additional factor.

Some push 2FA systems work over the Internet, but this new FIDO scheme
works over Bluetooth. As the whitepaper explains, "Bluetooth requires
physical proximity, which means that we now have a phishing-resistant way
to leverage the user's phone during authentication." Bluetooth has a
terrible reputation for compatibility, and I'm not sure "security" has ever
been a real concern, but the FIDO alliance notes that Bluetooth is just "to
verify physical proximity" and that the actual sign-in process "does not
depend on Bluetooth security properties."

That means both devices will need Bluetooth on board, which is a given for
most smartphones and laptops but could be a tough ask for older desktop
PCs.

Re: Apple, Google & Microsoft want to kill the password with Passkey standard

Path: i2pn2.org!i2pn.org!aioe.org!2PjKnT9bPuHopMS96dr6yg.user.46.165.242.75.POSTED!not-for-mail
From: yourkidd...@yahoo.com (YK)
Newsgroups: comp.sys.mac.system
Subject: Re: Apple, Google & Microsoft want to kill the password with Passkey standard
Date: Thu, 5 May 2022 23:04:31 -0400
Organization: Aioe.org NNTP Server
Message-ID: <t52380$b2m$1@gioia.aioe.org>
References: <t51nhb$3o32n$1@paganini.bofh.team>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Info: gioia.aioe.org; logging-data="11350"; posting-host="2PjKnT9bPuHopMS96dr6yg.user.gioia.aioe.org"; mail-complaints-to="abuse@aioe.org";
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:91.0) Gecko/20100101 Thunderbird/91.8.1
X-Notice: Filtered by postfilter v. 0.9.2
Content-Language: en-US
 by: YK - Fri, 6 May 2022 03:04 UTC

On 5/5/22 7:44 PM, NewsKrawler wrote:
> https://arstechnica.com/gadgets/2022/05/apple-google-and-microsoft-want-bluetooth-proximity-to-replace-the-password/
> Apple, Google & Microsoft want to kill the password with Passkey standard
>
> Apple, Google, and Microsoft are launching a "joint effort" to kill the
> password.
>
> The major OS vendors want to "expand support for a common passwordless
> sign-in standard created by the FIDO Alliance and the World Wide Web
> Consortium."
>
> The standard is being called either a "multi-device FIDO credential" or
> just a "passkey."
>
> Instead of a long string of characters, this new scheme would have the app
> or website you're logging in to push a request to your phone for
> authentication. From there, you'd need to unlock the phone, authenticate
> with some kind of pin or biometric, and then you're on your way.
>
> This sounds like a familiar system for anyone with phone-based two-factor
> authentication set up, but this is a replacement for the password rather
> than an additional factor.
>
> Some push 2FA systems work over the Internet, but this new FIDO scheme
> works over Bluetooth. As the whitepaper explains, "Bluetooth requires
> physical proximity, which means that we now have a phishing-resistant way
> to leverage the user's phone during authentication." Bluetooth has a
> terrible reputation for compatibility, and I'm not sure "security" has ever
> been a real concern, but the FIDO alliance notes that Bluetooth is just "to
> verify physical proximity" and that the actual sign-in process "does not
> depend on Bluetooth security properties."
>
> That means both devices will need Bluetooth on board, which is a given for
> most smartphones and laptops but could be a tough ask for older desktop
> PCs.

Although I'm not sure how I feel about this, for $7.99, plus sales tax, I
bought an ASUS USB Bluetooth module. It allows use of my Bluetooth
earplugs and mouse with my desktop and a laptop that do not have it
built in. It works great. The range is about the same as my computers
with built-in Bluetooth.

YK

Re: Apple, Google & Microsoft want to kill the password with Passkey standard

Path: i2pn2.org!rocksolid2!i2pn.org!eternal-september.org!reader02.eternal-september.org!kreme.dont-email.me!.POSTED!not-for-mail
From: g.kr...@kreme.dont-email.me (Lewis)
Newsgroups: comp.sys.mac.system
Subject: Re: Apple, Google & Microsoft want to kill the password with Passkey standard
Date: Fri, 6 May 2022 14:58:38 -0000 (UTC)
Organization: Miskatonic U
Lines: 35
Message-ID: <slrnt7adsu.2u36.g.kreme@zephyrus.local>
References: <t51nhb$3o32n$1@paganini.bofh.team> <t52380$b2m$1@gioia.aioe.org>
Reply-To: g.kreme@gmail.don-t-email-me.com
Injection-Date: Fri, 6 May 2022 14:58:38 -0000 (UTC)
Injection-Info: kreme.dont-email.me; posting-host="67b2e054ee36bf56c57ef2cbf65a2ddc"; logging-data="20308"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/U9brvJk3WtEPuCZ4C1+ED"
User-Agent: slrn/1.0.3 (Darwin)
Cancel-Lock: sha1:E+GRvWYfEwdkgBUAVsZ5pIUKylU=
X-Face: )^b5"R:T7U>9~:PEn3YkzMfW*[b1qKeU.fP9C8~8HpU9}lA&6`bH1z
X-Clacks-Overhead: GNU Terry Pratchett
Mail-Copies-To: nobody
 by: Lewis - Fri, 6 May 2022 14:58 UTC

In message <t52380$b2m$1@gioia.aioe.org> YK <yourkidding@yahoo.com> wrote:
> On 5/5/22 7:44 PM, NewsKrawler wrote:
>> https://arstechnica.com/gadgets/2022/05/apple-google-and-microsoft-want-bluetooth-proximity-to-replace-the-password/
>> Apple, Google & Microsoft want to kill the password with Passkey standard

Everyone with the slightest sense wants passwords to die.

>> The major OS vendors want to "expand support for a common passwordless
>> sign-in standard created by the FIDO Alliance and the World Wide Web
>> Consortium."

I wish they would look at SQLR which seems to have solved every possible
issue.

>> Some push 2FA systems work over the Internet, but this new FIDO scheme
>> works over Bluetooth. As the whitepaper explains, "Bluetooth requires
>> physical proximity, which means that we now have a phishing-resistant way
>> to leverage the user's phone during authentication." Bluetooth has a
>> terrible reputation for compatibility, and I'm not sure "security" has ever
>> been a real concern, but the FIDO alliance notes that Bluetooth is just "to
>> verify physical proximity" and that the actual sign-in process "does not
>> depend on Bluetooth security properties."

Yes, FIDO is correct on this score, using BT for proximity verification
has nothing whatsoever to do with the authentication itself.

>> That means both devices will need Bluetooth on board, which is a given for
>> most smartphones and laptops but could be a tough ask for older desktop
>> PCs.

Older PCs are already security compromised.

--
Don't congratulate yourself too much, or berate yourself either. Your
choices are half chance; so are everybody else's.
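
The point quoted in this thread, that the sign-in "does not depend on Bluetooth security properties", shown as an added example that is not part of the original posts or of any FIDO code: a simplified WebAuthn-style assertion in which the phone signs the site's challenge and the site checks origin, challenge and signature, whatever transport carried the bytes. The key pair, `example.com`, `examp1e.com` and the function names are constructed for illustration; the attestation and credential-ID handling of the real protocol are left out.

```javascript
// Added illustration: WebAuthn-style assertion check with a constructed key and challenge.
const crypto = require("node:crypto");

const sha256 = (data) => crypto.createHash("sha256").update(data).digest();

// Authenticator side (the phone): signs authenticatorData || SHA-256(clientDataJSON).
function signAssertion(privateKey, rpId, origin, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get",
    challenge: challenge.toString("base64url"),
    origin, // in a browser this is filled in from the page's real origin, not by the page
  }));
  // authenticatorData = rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes)
  const flags = Buffer.from([0x05]); // UP (user present) + UV (user verified)
  const authData = Buffer.concat([sha256(rpId), flags, Buffer.alloc(4)]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign("sha256", signed, privateKey) };
}

// Relying-party side (the website): every check is on signed data, none on the transport.
function verifyAssertion(publicKey, expected, a) {
  const client = JSON.parse(a.clientDataJSON.toString("utf8"));
  if (client.type !== "webauthn.get") return "bad type";
  if (client.challenge !== expected.challenge.toString("base64url")) return "bad challenge";
  if (client.origin !== expected.origin) return "bad origin";
  if (!a.authData.subarray(0, 32).equals(sha256(expected.rpId))) return "bad rpIdHash";
  if ((a.authData[32] & 0x04) === 0) return "user not verified";
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify("sha256", signed, publicKey, a.signature) ? "ok" : "bad signature";
}

function demo() {
  // Constructed sample data: a fresh P-256 passkey and a random per-login challenge.
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  const expected = { rpId: "example.com", origin: "https://example.com",
                     challenge: crypto.randomBytes(32) };
  const good = signAssertion(privateKey, expected.rpId, expected.origin, expected.challenge);
  // Assertion produced on a look-alike page: the signed origin gives it away.
  const phished = signAssertion(privateKey, expected.rpId, "https://examp1e.com", expected.challenge);
  // Assertion made for a different login attempt: the challenge does not match.
  const stale = signAssertion(privateKey, expected.rpId, expected.origin, crypto.randomBytes(32));
  // Bytes altered in transit (over Bluetooth or anything else): the signature breaks.
  const tampered = { ...good, authData: Buffer.from(good.authData) };
  tampered.authData[36] ^= 1;
  return [good, phished, stale, tampered].map((a) => verifyAssertion(publicKey, expected, a));
}

console.log(demo());
```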
