Entra ID Security: rendere sicuri gli accessi alle nostre identità digitali

In questa sessione verranno mostrate tutte le novità introdotte da Entra ID (Azure AD) per migliorare la sicurezza degli accessi da parte degli utenti. MFA, #passwordless, authentication strenght e accesso condizionale sono ormai indispensabili per garantire un accesso sicuro alle nostre identità digitali. In più verranno annunciate le novità relative alla famiglia #Microsoft #Entra, con un… https://www.ictpower.it/video/powercon2023-evento-online-del-14-luglio-nicola-ferrini-entra-id-security-rendere-sicuri-gli-accessi-alle-nostre-identita-digitali.htm?swcfpc=1

A new version of warden-webauthn is out (the foundation for devise-passkeys)

This one ensures that the underlying credentials must be discoverable by default; but provides hooks to override in edge cases where you need to allow non-discoverable credentials. Check out the Github issue for more info!

Check it out! And, as always, we need maintainers!

https://github.com/ruby-passkeys/warden-webauthn/releases/tag/v0.3.0

https://github.com/ruby-passkeys/.github/issues/1

#Ruby #passkeys #passwordless #InfoSec #RubyOnRails #devise

👋 𝐄𝐚𝐬𝐲 𝐏𝐚𝐬𝐬𝐰𝐨𝐫𝐝𝐥𝐞𝐬𝐬 𝐋𝐨𝐠𝐢𝐧 𝐄𝐱𝐩𝐞𝐫𝐢𝐞𝐧𝐜𝐞 𝐰𝐢𝐭𝐡 𝐌𝐚𝐠𝐢𝐜 𝐋𝐢𝐧𝐤𝐬 𝐚𝐧𝐝 𝐀𝐮𝐭𝐡𝐠𝐞𝐚𝐫
This post explores 𝐰𝐡𝐚𝐭 𝐦𝐚𝐠𝐢𝐜 𝐥𝐢𝐧𝐤𝐬 𝐚𝐫𝐞 and 𝐰𝐡𝐚𝐭 𝐲𝐨𝐮 𝐧𝐞𝐞𝐝 𝐭𝐨 𝐤𝐧𝐨𝐰 to implement an email-powered login flow for your users with Authgear.

https://www.authgear.com/post/easy-passwordless-login-experience-with-magic-links-and-authgear

#magiclinks #authentication #passwordless #security

Coming soon! A new #passwordless SSO offering will bring flexibility for Single Sign-On integration. Learn how this can help secure your business’s sensitive credentials: https://bitwarden.com/blog/easily-integrate-single-sign-on-security-with-flexible-solutions/

#cybersecurity #passwordmanager #passwordsecurity #security

A passwordless future is the dream of most end-users and cybersecurity professionals. After multiple failed attempts, Passkey might bring us there. However, human nature, laziness, and implementation errors might be issues. In my latest Forbes Article, I explore how we can make a passwordless future a success story and what stands in our way.
#cybersecurity #identityandaccessmanagement #passwordless #passkey

https://www.forbes.com/sites/forbestechcouncil/2023/07/14/passkey-is-a-game-changer-if-three-cybersecurity-problems-are-solved/?sh=6c9bb2263ff3

maybe i'm getting old, but i feel the recent trend towards #passwordless with #passkeys / #authn might be a bad idea.

passwords (with all their problems) are a low-tech thing. depending on the people having access to a high-end device with their keys seems highly rich-tech-bro-in-the-western-world

👋 Email Login Links, also known as "𝐦𝐚𝐠𝐢𝐜 𝐥𝐢𝐧𝐤𝐬", is a 𝐩𝐚𝐬𝐬𝐰𝐨𝐫𝐝𝐥𝐞𝐬𝐬 𝐚𝐮𝐭𝐡𝐞𝐧𝐭𝐢𝐜𝐚𝐭𝐢𝐨𝐧 method that allows users to log into a website or application without using a traditional password. Instead, it relies on a unique link sent to the user's email address. Learn more about how to enable it without writing any code.

👉https://docs.authgear.com/strategies/email-login-link

#email #authentication #passwordless #lowcode

Programming note, devise-passkeys 0.2.0 is out: https://github.com/ruby-passkeys/devise-passkeys/releases/tag/v0.2.0

It's got some bug fixes & documentation, but more importantly, some outside contributors!! Thanks so much to everyone who's helped out so far: https://github.com/ruby-passkeys/devise-passkeys/blob/v0.2.0/THANKS.md#contributors

#rails #passkeys #WebAuthn #InfoSec #passwordless #RubyOnRails #ruby

The #AiTM is going wild in #Finland. Attacks are well done and even #cybersecurity experts have trouble spotting these. We need better protection than mobile app MFA. This is going to be quite a push for #passwordless #WHFB

Today I successfully integrated my company's #Teleport instance with the logins on our #Grafana instance using #jwt and proving the concept of #passwordless systems and #passkeys in a production environment.

Just logged into CVS and they prompted me to enroll a passkey. Super easy. 3 steps and I'm done. (For this browser, on this laptop — sync is the next hurdle.)
#passwordless #authentication #passkey

#Passwordless #Passkey Logins 2023 - Are they Safe for Privacy?

I will perform an in depth review of the new Passkey technology being introduced by Google, Apple and Microsoft as an alternative login to their operating systems beginning in late 2023.

This standard was established by the FIDO Alliance and sooner, rather than later, most applications and platforms will be using this.

https://invidious.snopyta.org/watch?v=dpTVXCjJQyY

https://piped.video/watch?v=dpTVXCjJQyY

Ad Aprile 2023 #Microsoft ha cominciato a rilasciare una nuova funzionalità di protezione di Azure AD chiamata System-preferred multifactor authentication. Questa funzionalità è pensata per incoraggiare gli utenti ad utilizzare il metodo più sicuro di multifactor authentication che hanno registrato. #cybersecurity #passwordless #mfa https://www.ictpower.it/guide/system-preferred-multifactor-authentication-in-azure-ad.htm

Dozrel čas na koniec hesiel? Keď to Google trochu potlačí svojou silou, má to šancu uspieť. Ja do toho idem.

#passwordless

https://podcasty.sme.sk/c/23165291/klik-na-smrt-hesiel-sme-cakali-desatrocia-konecne-je-na-dosah.html

Referenced link: http://cs.co/9009OkQ1J
Originally posted by Duo Security / @duosec@twitter.com: https://twitter.com/duosec/status/1654244513563435017#m

On #WorldPasswordDay, we're looking forward to a #passwordless future 🙌

Check out our latest blog to learn the difference between traditional and passwordless logins and see how WebAuthn is driving passwordless forward: http://cs.co/9009OkQ1J

Referenced link: http://cs.co/6010OZKLs
Originally posted by Duo Security / @duosec@twitter.com: https://twitter.com/duosec/status/1654138839454081028#m

Do or do not, there is no try. No really…with #passwordless authentication, you can stop trying to remember your password and just log in 🙌

💫 #MayThe4thBeWithYou on this #WorldPasswordDay 👉 http://cs.co/6010OZKLs

Today I disconnected my Yubi key and enabled passkey for my private Google account. Being in the Apple world, I hope sync of my passkeys with iCloud will be sufficient…

Lets see how this go! But I am a long way from ditching my 2FA verification app and password manager.

For more info: https://blog.google/technology/safety-security/one-step-closer-to-a-passwordless-future/

#Passwordless #Passkeys #Google #GoogleAccount #FIDO

Google launches passwordless login.

Apple are working on something similar.

I can't see passwords going away for a very long time, there's just so many account and apps out there.

Still, it's a good step in the right direction
https://arstechnica.com/gadgets/2023/05/passwordless-google-accounts-are-here-you-can-now-switch-to-passkey-only/

#google #passwordless #login #productdesign #ux

Google is rolling out Passkeys across all platforms, making it a #passwordless solution for Google Accounts.

https://thehackernews.com/2023/05/google-introduces-passwordless-secure.html

#Passkeys, backed by the FIDO Alliance, are more secure than passwords and resistant to online attacks such as phishing.

RT @TheHackersNews
Google is rolling out Passkeys across all platforms, making it a #passwordless solution for Google Accounts.

Learn how it works: https://thehackernews.com/2023/05/google-introduces-passwordless-secure.html

#Passkeys, backed by the FIDO Alliance, are more secure than passwords and resistant to online attacks such as phishing.