/explore

Click through on any links that interest you or select the planets on the right to continue exploring the Outer Web.
You are here

blog.trailofbits.com
| | janko.io
2.9 parsecs away

Travel
| | Passkeys are a modern alternative to passwords, where the user's device performs the authentication, usually requiring some form of user verification (biometric identification, PIN). Passkeys are built on top of WebAuthn specification, which is based on public-key cryptography. Keypairs are created for each website, and the public key is sent to the server, while the private key is securely stored on the device. This makes passkeys:
| | huanliu.wordpress.com
3.5 parsecs away

Travel
| | Apple introduced Passkey a year ago in WWDC2022. It is ground breaking in that it allows the private key in a FIDO credential to be stored in the iCloud keychain, and facilitates it to be propagated from device to device. While it makes the FIDO credential easy to use, and it solves the bootstrapping problem...
| | educatedguesswork.org
3.9 parsecs away

Travel
| | [AI summary] This article discusses advanced password security mechanisms, focusing on technologies like two-factor authentication, password authenticated key agreement, and public key authentication to enhance web login security beyond traditional passwords.
| | rcoh.me
22.7 parsecs away

Travel
| I always wondered how Google Authenticator style 2-factor codes worked. The process of going from QR code to rotating 6-digit pin seemed a bit magical. A few days ago, my curiosity found itself coupled with some free time. Here's what I found: What's in the QR Code I scanned the QR code from Github with a barcode scanning app. Here's what's inside: otpauth://totp/Github:rcoh?secret=onswg4tforrw6zdf&issuer=Github Not too surprising. It tells us the protocol, TOTP, who is issuing this OTP code (Github), and most importantly the secret:1