Kevin Beaumont on Nostr: The security industry: move to passkeys, they are phishing resistant! The thing they ...
The security industry: move to passkeys, they are phishing resistant!
The thing they haven’t mentioned: phish the recovery process for the phone instead, then you have god mode across everything. Passkeys are synced across devices by design, and there’s legacy (eg SMS) recovery.
Published at
2024-05-08 19:25:04Event JSON
{
"id": "a4e1e012958806bfe5cd02b722cdf23ba9906a1cbb8bd84e2bbb2c3ad60522d8",
"pubkey": "f6870afcde4480ec8508f50304859e14a51309ff24ab3f0f862c52bdc4af8747",
"created_at": 1715196304,
"kind": 1,
"tags": [
[
"proxy",
"https://cyberplace.social/users/GossiTheDog/statuses/112407105016711886",
"activitypub"
]
],
"content": "The security industry: move to passkeys, they are phishing resistant!\n\nThe thing they haven’t mentioned: phish the recovery process for the phone instead, then you have god mode across everything. Passkeys are synced across devices by design, and there’s legacy (eg SMS) recovery.",
"sig": "fe771834454aea33936a3f1e6b324d87de4660fc40f518ad38ce168c4d2173ae6eeadc6c148610b6981d9c7d78f6d54f7fa1cb7f418f50146beb9120c197993f"
}