👀 I’m part of the 0.5% Twitter’s users that use a #SecurityKey for 2FA. Do we know how much people are using this feature in #mastodon ? From: @SpyBlog https://mastodon.social/@SpyBlog/109884411127070890 [Originally posted: 2023-02-18 07:20 UTC]
#SecurityKey
Nachdem die Nitrokey 3A Mini offenbar so billig produziert sind, dass mir gestern einer beim simplen Abziehen von einem etwas festeren USB Port in seine Einzelteile zerfallen ist, habe ich beschlossen, auch den anderen einzumotten und komplett zurück zu Yubikey zu wechseln. Die Dinger sind unkaputtbar und auch IP68 zertifiziert. Nutze ich schon seit >15 Jahren ohne jegliche Probleme.
An sich mag ich den Open Source- und Transparenz-Gedanken, unterstütze das auch aktiv, aber wenn die physische Qualität dermaßen unterirdisch ist wie beim Nitrokey 3A Mini (die anderen kann ich nicht beurteilen), dann hilft mir das auch nicht. So ein Security Key ist einigermaßen zentral, der darf nicht einfach so zerfallen bei normaler Nutzung.
Joost van Dijk from @yubico tells us about #OpenSSH combined with the #FIDO standard at the @nluug #najaarsconferentie. This info applies on any FIDO #securitykey, not just #yubikey.
#opensourceconference #Linuxconference #conference #conferentie #NLUUG #nluug25nj #hardwarekey
#X retiring #twiiter.com domain - Re-enroll #2FA #SecurityKey by November 10
https://www.elevenforum.com/t/x-retiring-twiiter-com-domain-re-enroll-2fa-security-key-by-november-10.41385/
Hello Hello!
#SecuX Tech, a Taiwanese business that produces security devices, sent me a security key, the PUFido Clife Key to unbox, and since I was there, I also make a #tutorial and an explanation of what it is.
https://www.youtube.com/watch?v=JLNijRxZZVQ
#PUF #securityKey #unboxing #cyberSecurity
i *still* don't understand how this onlykey works. i've kinda figured out how to generate subkeys (you have to have $GNUPGHOME point to a valid keyring that has a public key on which you want to create a subkey for, but use `--homedir` to point to a new directory for onlykey to put the new keyring with the subkey), but now it won't generate keys except for the uid i used to use?
Hat jemensch schon einmal das Login der Schweizer Behörden (AGOV-Login, siehe https://www.agov.admin.ch/de) mit einem Nitrokey 3 getestet und kann etwas zur Kompatibilität sagen?
Geht das oder braucht es "zwingend" einen Schlüssel von Yubico oder Token2 (beide mit L2-Zertifizierung)?
Solo2-Schlüssel gehen jedenfalls nicht und die sind wohl eh EOL. Ich möchte gerne einen Schlüssel mit einer Open-Source-Firmware benutzen.
Nachtrag 1: Der NitroKey 3C geht definitiv nicht. Token2 hingegen schon.
Nachtrag 2: Offensichtlich wird der NitroKey 3C bald eine L2-Zertifizierung erhalten, siehe https://www.nitrokey.com/blog/2025/nitrokey-3-firmware-v182-more-passkeys-bitcoin-curve
@nitrokey #nitrokey #agov #yubikey #schweiz #OpenSource #securitykey
⏰ While 2024 is reaching the finish line, we‘d like to take a moment to thank everyone who is supporting us on our mission to secure the digital life. 🛡
We‘re truly grateful for having such loyal customers. 🙏
We wish you happy holidays! 🎄
May 2025 be the year we all wish for! 💪
Stay secure! 🙂
#nitrokey #cybersecurity #staysecure #nitrokeypro #opensource #internetsecurity #securitykey #usbkey #secureyourdigitallife
This is unfortunate because I received a pair of these recently that I've been meaning to take out of the package. I guess they won't be issuing recalls?
#securitykey #sidechannel #yubikey #yubikeys #hardwaretokens #hardwaretoken #cryptography #credentials #fido
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel.
#YubiKeys #Security #Tech #News #TechNews #AllThingsTech #SecurityKey
#Yubico issues security advisory for #YubiKey, #SecurityKey, and #YubiHSM private key recovery #vulnerability #YubiKey5
https://www.elevenforum.com/t/yubico-issues-security-advisory-for-yubikey-security-key-and-yubihsm-private-key-recovery-vulnerability.28198/
I don't know who needs to hear this, but put an AirTag on that key ring of FIDO2 security keys you have.
🔒 Secure your online accounts with SoloKeys! 🔑
Open-source security keys built with Trussed®.
Works with Google, Facebook, Twitter & more.
Get yours now:
PassKeys seem like a bad idea. Google backs them up to the cloud, so if your Google account is compromised then all your private keys are compromised. I don't see how that's an improvement over password+2FA at all.
Now security keys I get; keep the private key on an airgapped device. That's good. Hell I even keep my 2FA-OTP salts on a YubiKey.
#passkeys #fido2 #webauthn #yubikey #2fa #otp #authentication #cryptography #security #passwords #passkey #password #securityKey #google
How to Add or Remove #Passkey on #SecurityKey for your #MicrosoftAccount
https://www.elevenforum.com/t/add-or-remove-passkey-on-security-key-for-your-microsoft-account.24863/
Sometimes I just take a moment and watch my SoloKey v2 as its little green light fades in and out, signaling its readiness to protect me online at a moment's notice.
#SoloKey #SoloKeys #SoloKeysV2 #2FA #FIDO #FIDO2 #WebAuthn #SecurityKey
The desktop app was the sole reason I used Authy. Not providing an export option sucks. 2FAS is good, but then I didn’t have my phone, and I needed to login to sites that do not accept security keys. FYI - You must have access to your mobile device/2FAS app to use the browser extension.
#2FA #HardwareKey #SecurityKey #Authy #Twilio #2FAS
When implementing #WebAuthn on an Identity Provider's side. Where exactly should one draw the line between #SecurityKey and #Passkey? I see that most platforms make a distinction between those. Can anyone link me some article or blog post on this topic? If I were to implement security key and passkey support on a provider that does not yet support any WebAuthn, should I go down the same route?
My current assumption is that during passkey registration you'd set "residentKey = required" and "userVerification = required", whereas for a security key you'd set "residentKey = discouraged" and "userVerification = preferred".
Also, I'm assuming that a security key can also function as a form of #passwordless multi-factor authentication if UV was true during registration AND authentication. Obviously without the neat part of Passkeys where you don't have to manually enter the username.
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst