Enterprises understand the value of passkeys for workforce sign-ins. 87% of decision makers report deploying passkeys at their companies. Of these, 47% report rolling out a mix of device-bound passkeys and synced passkeys.

#enterprise #passkeys #security
https://www.helpnetsecurity.com/2025/03/12/enterprise-passkey-adoption/

#Passkeys and the evolution of authentication: A secure, seamless future

https://bitwarden.com/blog/passkeys-and-the-evolution-of-authentication-a-secure-seamless-future/

Toward a #Passwordless Future

https://www.privacyguides.org/articles/2025/03/08/toward-a-passwordless-future/

This cybersecurity startup aims to fix some of the headaches with passkeys by using its new passwordless authentication technology, which takes the best of passkeys but without their limitations.

#passwords #passkeys #security #cybersecurity
https://techcrunch.com/2025/03/11/some-say-passkeys-are-clunky-this-startup-wants-to-change-that/

Passwords are annoying, vulnerable to attack, and prone to human error. Our latest article explains how passkeys can lead to more secure and private online accounts

https://www.privacyguides.org/articles/2025/03/08/toward-a-passwordless-future/

Discover PasskeyIndex.io: Your Community Hub for #Passkeys

https://bitwarden.com/blog/discover-passkeyindex-io-your-community-hub-for-passkeys/

Well this is quite the surprise! Passkeys in epic-stack, brought to you by SimpleWebAuthn

https://github.com/epicweb-dev/epic-stack/discussions/937

I can consider this a feather in my cap, no?

@iam después de escuchar el último @comopiensodigo acerca de las #PassKeys, lo que yo he hecho ( hasta que los navegadores en #Linux las soporten ) es usar #Bitwarden, lo malo que tendrás que generar dos por cada servicio una para Apple y otra para Bitwarden .... jardines

Putting the word out here that https://webauthn.io got a bit of an upgrade today:

• You can now specify hints during authentication, if you're so inclined
• There's a new /profile page for after authentication to help with page navigation via the browser

Poke around a bit and feel free to let me know if anything seems off

It’s been four years since Google and Apple began supporting passkeys, a new password-free authentication method. Here's a look at the current status of passkeys and whether this is really the end of passwords.

#apple #google #passkeys #passwords
https://www.digitaltrends.com/computing/passkeys-in-2025-do-i-still-need-a-password-manager/

I wish authentication on the web worked like this:

- Every browser has one (or more) public key(s).
- The browser presents the public key to the server on request.
- A public key can be shared between browsers of the same user.
- To give your friend access to a web site, you simply ask for their public key.

I know there are passkeys and TLS client certificates, but all implementations are majorly flawed and half-assed in my opinion.

Passkey/password bug: iOS 18.3.1

Ook in iOS versie 18.3.1 is de eerder door mij gemelde iCloud KeyChain (*) kwetsbaarheid nog niet gerepareerd (eerder schreef ik hierover, Engelstalig: https://infosec.exchange/@ErikvanStraten/113821443334366419).

(*) Tegenwoordig is dat de app genaamd "Wachtwoorden" (of "Passwords").

De kwetsbaarheid bestaat indien:

• De eigenaar een "passcode" (pincode of wachtwoord) gebruikt om de iPhone of iPad te ontgrendelen - en er GÉÉN biometrie is geconfigureerd;

ofwel:

• De gebruiker wel biometrie kan gebruiken om het scherm te ontgrendelen, doch in 'Instellingen' > 'Touch ID en toegangscode' de instelling "Autom. invullen wachtw." is UITgezet.

Zie onderstaande screenshots (Engelstalig in https://infosec.exchange/@ErikvanStraten/113821443334366419). Meer info ziet u door op "Alt" in de plaatjes te drukken.

Probleem: iedereen met toegang tot de ontgrendelde iPhone of iPad kan dan, *zonder* opnieuw lokaal te hoeven authenticeren:

1) Op elke website inloggen waarvan het user-ID en wachtwoord in iCloud Keychain zijn opgeslagen;

2) Met passkeys op enkele specifieke websites inloggen (waaronder https://account.apple.com en https://icloud.com), namelijk als volgt:

a) Open de website;
b) Druk op "Inloggen";
c) Druk op de "x" rechts bovenaan de pop-up die verschijnt (in de onderste schermhelft);
d) Druk kort in het veld waar om het e-mailadres gevraagd wordt;
e) Druk op de knop "gebruik passkey".

Risico: uitlenen van een unlocked iDevice (o.a. aan kinderen) maar ook diefstal nadat de passcode is afgekeken. Of als de dief geen passcode heeft, als deze wacht tot de eerstvolgende iOS/iPadOS kwetsbaarheid bekend wordt waarbij de schermontgrendeling omzeild kan worden.

Als u ze nog niet gezien heeft, bekijk in elk geval de eerste van de volgende twee video's van Joanna Stern (van de Wall Street Journal):
https://youtube.com/watch?v=QUYODQB_2wQ
https://youtube.com/watch?v=tCfb9Wizq9Q

I set up Pocket ID (https://docs.pocket-id.org/) for self-hosted OIDC SSO at the weekend. It was incredibly simple to get going (though testing out Authentik taught me a lot that carried over). I'd been ignoring Passkeys up until now, and it's the only credential type Pocket ID supports. I think I'm sold on them now, though the story on migrating them is still poor.

The adoption of passkeys, the much-heralded passwordless authentication technology, has made significant strides over the past year but has fallen short of some ambitious predictions from 2024.

#passkeys #password #authentication #security
https://www.techspot.com/news/106609-passkeys-reach-15-billion-accounts-but-fall-short.html

The FIDO Alliance's CEO points to non-trivial signs of progress in both consumer and enterprise passkey adoption but allows that a lot of work remains.

#passkeys #password #fido #alliance #adoption
https://www.pcmag.com/news/the-passkey-future-is-here-but-some-companies-still-make-it-too-complicated

Passkeys don’t require memorization, can be stored directly on your phone, and are stronger than passwords. One particular advantage: They’re phishing-resistant.

#passkeys #password #phishing #security
https://www.pcworld.com/article/2591499/if-you-hate-passwords-switch-to-this-other-kind-of-login-right-now.html

Der 1. Februar hat als "Ändere-dein-Passwort-Tag" im ursprünglichen Sinne eigentlich ausgedient. Denn unter anderem das @bsi empfiehlt nicht mehr, #Passwörter regelmäßig zu ändern. Mittlerweile gibt es auch bessere Alternativen, zum Beispiel #Passkeys.
Falls ihr allerdings noch schwache Passwörter oder das gleiche #Passwort für mehrere Logins verwendet, solltet ihr euren Schutz stärken! Dafür geben wir euch hier ein paar Tipps – und auf https://www.verbraucherzentrale.nrw/wissen/digitale-welt/datenschutz/starke-passwoerter-so-gehts-11672

«Passkeys endlich verstanden | Nie mehr Passwörter»

Ich nutze @keepassxc und dies ist angenehm und sicher und doch soll ich mich mal mit Passkeys grundlegender beschäftigen. Gibt es dies bezüglich noch andere vertrauenswürdige Service Anbieter als nur die bekannten IT-Konzerne oder verstehe ich da was falsch? Weil so weit ich es sehe, ist es bei denen technisch nicht anonym.

https://www.youtube.com/watch?v=3gm71ABbXVo

Passkeys might be the solution to creating the synchronicity between security and simplicity. This person's passkey journey so far may influence your own.

#passkeys #passwords #security
https://www.androidpolice.com/changed-password-to-passkey-my-story/

Passkeys jetzt auch auf iOS mit Chrome: Sicher und plattformübergreifend
Google hat eine wichtige Aktualisierung für seinen Google Password Manager im Chrome-Browser eingeführt. Ab sofort können Nutzer:innen von iPhone und iPad (ab iOS 17) Passkeys erstellen, ver
https://www.apfeltalk.de/magazin/news/passkeys-jetzt-auch-auf-ios-mit-chrome-sicher-und-plattformuebergreifend/
#News #ChromeIOS #FaceID #GooglePasswordManager #iCloudSchlsselbund #Passkeys #PlattformbergreifendeSynchronisation