Sign up to save your podcasts
Or
Share Episode 0: Passkeys
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 0: Passkeys
Show notes:
There are many scams, some to get your password(s), some just for money. Here's a sample list: https://www.experian.com/blogs/ask-experian/the-latest-scams-you-need-to-aware-of/
Lists of login methods:
- https://testdriven.io/blog/web-authentication-methods/
- https://www.logintc.com/types-of-authentication/
Who implements Passkeys?
- https://www.passkeys.com/websites-with-passkey-support-sites-directory
- https://fidoalliance.org/passkeys-directory/
- https://www.keepersecurity.com/passkeys-directory/
The three things that come together to make passkeys:
- Using key pairs, like SSH: https://www.ssh.com/academy/ssh/public-key-authentication
- Biometric authentication, you're already used to it from your phone
- New User Interface "ceremonies"
Which password managers support passkeys?
- 1Password (our personal favorite)
- Bitwarden
- Dashlane
- Google Password Manager
- Keeper
- NordPass
- RoboForm
A little about password managers:
Almost any password manager is better than no password manager at all so do your research. Find the best one for you. Make sure it answers these questions:
- Does it run on all the platforms you care about?
- Does it have a pricing model you like?
- Does it use a cloud service, or not, or of your choice, in a way that you like?
- Does the password service itself have access to your keys?
- What kind of secrets can it keep?
- Passkey descriptions and implementation documents
- The FIDO alliance: https://fidoalliance.org/passkeys/
- Google (for developers): https://developers.google.com/identity/passkeys/developer-guides
- Apple (for developers): https://developer.apple.com/passkeys/
Wolf's top three personal digital security recommendations
- Use a password manager (it should support passkeys). See above.
- Once you create a passkey for a specific service; change your previous password. The new one should be generated by your password manager and you should never use it unless you absolutely must.
- Make sure your device is secure
- Use biometric authentication
- Have a strong password. Your password manager can generate one made from words. Easy to remember; hard to guess.
- Make sure you know how to force your device to require a password. You can be tricked or forced to authenticate biometrically. Law enforcement can't force you to reveal a password; and if you're careful, you can't be tricked out of it.
- Be aware of your surroundings. Bad actors can "shoulder surf" and get your password, or cameras. It's just like the old days at the ATM. You don't want a person right behind you to see your PIN.
Hosts:
Jim McQuillan can be reached at [email protected]
Wolf can be reached at [email protected]
Follow us on Mastodon: @[email protected]
Theme music:
Dawn by nuer self, from the album Digital Sky
View all episodes
By Jim McQuillan & WolfShow notes:
There are many scams, some to get your password(s), some just for money. Here's a sample list: https://www.experian.com/blogs/ask-experian/the-latest-scams-you-need-to-aware-of/
Lists of login methods:
- https://testdriven.io/blog/web-authentication-methods/
- https://www.logintc.com/types-of-authentication/
Who implements Passkeys?
- https://www.passkeys.com/websites-with-passkey-support-sites-directory
- https://fidoalliance.org/passkeys-directory/
- https://www.keepersecurity.com/passkeys-directory/
The three things that come together to make passkeys:
- Using key pairs, like SSH: https://www.ssh.com/academy/ssh/public-key-authentication
- Biometric authentication, you're already used to it from your phone
- New User Interface "ceremonies"
Which password managers support passkeys?
- 1Password (our personal favorite)
- Bitwarden
- Dashlane
- Google Password Manager
- Keeper
- NordPass
- RoboForm
A little about password managers:
Almost any password manager is better than no password manager at all so do your research. Find the best one for you. Make sure it answers these questions:
- Does it run on all the platforms you care about?
- Does it have a pricing model you like?
- Does it use a cloud service, or not, or of your choice, in a way that you like?
- Does the password service itself have access to your keys?
- What kind of secrets can it keep?
- Passkey descriptions and implementation documents
- The FIDO alliance: https://fidoalliance.org/passkeys/
- Google (for developers): https://developers.google.com/identity/passkeys/developer-guides
- Apple (for developers): https://developer.apple.com/passkeys/
Wolf's top three personal digital security recommendations
- Use a password manager (it should support passkeys). See above.
- Once you create a passkey for a specific service; change your previous password. The new one should be generated by your password manager and you should never use it unless you absolutely must.
- Make sure your device is secure
- Use biometric authentication
- Have a strong password. Your password manager can generate one made from words. Easy to remember; hard to guess.
- Make sure you know how to force your device to require a password. You can be tricked or forced to authenticate biometrically. Law enforcement can't force you to reveal a password; and if you're careful, you can't be tricked out of it.
- Be aware of your surroundings. Bad actors can "shoulder surf" and get your password, or cameras. It's just like the old days at the ATM. You don't want a person right behind you to see your PIN.
Hosts:
Jim McQuillan can be reached at [email protected]
Wolf can be reached at [email protected]
Follow us on Mastodon: @[email protected]
Theme music:
Dawn by nuer self, from the album Digital Sky