Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/vpz/statuses/111251251837329791">vpz (vpz@infosec.exchange)'s status on Wednesday, 18-Oct-2023 05:56:56 JST</a><a href="https://infosec.exchange/@vpz" title="vpz@infosec.exchange"><img src="https://gnusocial.jp/avatar/202122-48-20231209124802.webp" width="48" height="48" alt="vpz" style="position: absolute; left: 0; top: 0;">vpz</a><div><a href="https://gnusocial.jp/notice/4322442" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/38360" title="gossithedog@cyberplace.social">Kevin Beaumont</a></li><li><a href="https://gnusocial.jp/user/111068" title="saper@mastodon.social">Marcin Cieślak</a></li><li><a href="https://gnusocial.jp/user/114200" title="planesailinggames@chirp.enworld.org">Alex White</a></li></ul></div></section><article><p><a href="https://mastodon.social/@saper" rel="nofollow noreferrer">@saper</a> <a href="https://cyberplace.social/@GossiTheDog" rel="nofollow noreferrer">@GossiTheDog</a> <a href="https://agora.echelon.pl/users/kravietz" rel="nofollow noreferrer">@kravietz</a> <a href="https://chirp.enworld.org/@PlaneSailingGames" rel="nofollow noreferrer">@PlaneSailingGames</a> What it sounds like is that how a user configures the security around passkeys is important. Using the Apple example mentioned previously, iCloud Keychain security1 is what protects passkeys, if I'm reading this stuff correctly. So a user who cares more about security than convenience is going to take extra steps to secure iCloud Keychain like using two-factor with Yubikeys. And by NOT doing that, the security of Keychain isn't that great.  [1] <a href="https://support.apple.com/guide/security/icloud-keychain-security-overview-sec1c89c6f3b/1/web/1" rel="nofollow noreferrer">https://support.apple.com/guide/security/icloud-keychain-security-overview-sec1c89c6f3b/1/web/1</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2198879#notice-4322443">In conversation</a><time datetime="2023-10-18T05:56:56+09:00" title="Wednesday, 18-Oct-2023 05:56:56 JST">about a year ago</time> <span>from <span><a href="https://infosec.exchange/@vpz/111251251837329791" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@vpz/111251251837329791">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: help.apple.com</div><h5><a href="https://support.apple.com/guide/security/icloud-keychain-security-overview-sec1c89c6f3b/1/web/1">iCloud Keychain security overview</a></h5><div></div></header><div>With the iCloud Keychain, users can securely sync their passwords between iPhone, iPad, and Mac devices without exposing that information to Apple.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
vpz (vpz@infosec.exchange)'s status on Wednesday, 18-Oct-2023 05:56:56 JSTvpz
in reply to
@saper @GossiTheDog @kravietz @PlaneSailingGames What it sounds like is that how a user configures the security around passkeys is important. Using the Apple example mentioned previously, iCloud Keychain security1 is what protects passkeys, if I'm reading this stuff correctly. So a user who cares more about security than convenience is going to take extra steps to secure iCloud Keychain like using two-factor with Yubikeys. And by NOT doing that, the security of Keychain isn't that great. [1] https://support.apple.com/guide/security/icloud-keychain-security-overview-sec1c89c6f3b/1/web/1
In conversationabout a year ago from infosec.exchangepermalink
Attachments
1. Domain not in remote thumbnail source whitelist: help.apple.com
  iCloud Keychain security overview
  With the iCloud Keychain, users can securely sync their passwords between iPhone, iPad, and Mac devices without exposing that information to Apple.

Public

Embed Notice

HTML Code

Corresponding Notice