Passwords suck. Can passkeys replace them?
Summary
Discusses the potential of passkeys to replace passwords as a more secure authentication method.
Similar Articles
XSS Is Deadly for Passkeys: The Hidden Risk of Attestation None
The article explains how a single XSS vulnerability can defeat the phishing-resistance of passkeys when attestation is set to 'none', allowing attackers to register their own passkeys and achieve persistent account takeover. It calls for attention to this overlooked threat and suggests defenses.
Anonymous credentials: an illustrated primer (Part 2)
Second part of an illustrated primer explaining real-world anonymous credential systems like Privacy Pass and Google's age-verification proposal, focusing on preventing credential cloning and enabling expressive proofs without sacrificing user privacy.
plass: manage passwords
plass is a minimalistic, UNIX-philosophy-inspired password manager written in C that uses GPG for encryption and got for version control.
@svpino: Back in 2010, we could get away with SSH keys and API tokens in .env files. We can't do that anymore. I went down a rab…
The post argues that static credentials like SSH keys and API tokens are no longer sufficient, and identity-based access is a better alternative.
@dreamsofcode_io: Really good time to consider putting your SSH Keys on a hardware security key, such as a YubiKey.
A tweet recommends using hardware security keys like YubiKey for SSH keys, referencing an active cross-ecosystem supply chain attack (TrapDoor) on npm, PyPI, and Crates.io involving malicious packages and crypto-stealing malware.