Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/saper/statuses/111252311242490980">Marcin Cieślak (saper@mastodon.social)'s status on Wednesday, 18-Oct-2023 05:56:53 JST</a><a href="https://mastodon.social/@saper" title="saper@mastodon.social"><img src="https://gnusocial.jp/avatar/111068-48-20230405035307.webp" width="48" height="48" alt="Marcin Cieślak" style="position: absolute; left: 0; top: 0;">Marcin Cieślak</a><div><a href="https://infosec.exchange/@vpz/111251251837329791" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/38360" title="gossithedog@cyberplace.social">Kevin Beaumont</a></li><li><a href="https://gnusocial.jp/user/114200" title="planesailinggames@chirp.enworld.org">Alex White</a></li><li><a href="https://gnusocial.jp/user/202122" title="vpz@infosec.exchange">vpz</a></li></ul></div></section><article><p><a href="https://infosec.exchange/@vpz">@vpz</a> <a href="https://cyberplace.social/@GossiTheDog">@GossiTheDog</a> <a href="https://agora.echelon.pl/users/kravietz">@kravietz</a> <a href="https://chirp.enworld.org/@PlaneSailingGames">@PlaneSailingGames</a> </p><p>(i)Cloud accounts have been targeted for hijack for quite a long time.</p><p>what is the point of cloud-based passkeys?</p><p>so I am going to protect myself against hijacking, say, my Github account, but my Apple account stays less protected?</p><p>But if I go ahead and buy a real hardware fido key, I can use it for all services, including Github and (probably) Apple, so why bother with the cloud-based solution?</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2198879#notice-4322444">In conversation</a><time datetime="2023-10-18T05:56:53+09:00" title="Wednesday, 18-Oct-2023 05:56:53 JST">about a year ago</time> <span>from <span><a href="https://gnusocial.jp/notice/4322444" rel="external" title="Sent from gnusocial.jp via ActivityPub">gnusocial.jp</a></span></span><a href="https://gnusocial.jp/notice/4322444">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Marcin Cieślak (saper@mastodon.social)'s status on Wednesday, 18-Oct-2023 05:56:53 JSTMarcin Cieślak
in reply to
@vpz @GossiTheDog @kravietz @PlaneSailingGames
(i)Cloud accounts have been targeted for hijack for quite a long time.
what is the point of cloud-based passkeys?
so I am going to protect myself against hijacking, say, my Github account, but my Apple account stays less protected?
But if I go ahead and buy a real hardware fido key, I can use it for all services, including Github and (probably) Apple, so why bother with the cloud-based solution?
In conversationabout a year ago from gnusocial.jppermalink

Public

Embed Notice

HTML Code

Corresponding Notice