
Questions tagged [fido]

FIDO (Fast IDentity Online) is a technical specification for biometric authentication to online services.

5 votes
1 answer
809 views

I noticed that with Linux pam-u2f module whether you are required to input your PIN can be changed by simply editing ~/.config/Yubico/u2f_keys file and either adding +pin to your configuration line or ...
ojs
  • 151
1 vote
1 answer
139 views

Currently I am working on implementing/supporting WebAuthN in my service (JAVA). I have a Control Plane which handles the registration ceremony and Data Plane that handles the authentication ceremony. ...
John Doe
0 votes
1 answer
256 views

Security Noob here. I am trying to build a secure passwordless login mechanism for my webservice. The authentication mechanisms My idea is to encourage the users to use the following two login methods:...
2f8n
  • 1
1 vote
1 answer
265 views

Passkeys prevent phishing, no one can make you log in remotely (without exploits) and if they are hardware based and never leave the hardware, then even exploits might have a hard time getting them. ...
Gatonito
  • 375
0 votes
1 answer
114 views

Previously some good fellow explained the importance of verifying the public key created and offered by authenticators. As before, given the complexity of a FULL implementation of RP operation, I ...
DannyNiu
  • 402
0 votes
1 answer
205 views

Through reading the WebAuthn spec and related MDN docs, I understand that unlike "certificate signing requests", FIDO/Passkey can have various different attestation formats and verification ...
DannyNiu
  • 402
1 vote
1 answer
335 views

In this question: Is FIDO2 authentication vulnerable to a social engineering replay attack? it was answered that no, not vulnerable because "the keypair used to by the FIDO device to authenticate ...
Allexj
  • 137
0 votes
0 answers
19 views

Why does FIDO2's spec not mention FIDO UAF as a related standard? I wonder if FIDO UAF is still relevant. Will FIDO UAF be deprecated eventually in favor of FIDO2? Why do they co-exist if they fulfil ...
kinafu
  • 101
1 vote
0 answers
283 views

Where/what are the technical specifications to sync FIDO passkeys? FIDO passkeys are a quite hot topic. There is a white paper from FIDO Alliance about it. Several websites provide abstract ...
ndbd
  • 201
2 votes
2 answers
294 views

I've read about Linus Tech Tips hack, where a malware stole the browser cookies & was able to log in to Linus's channel. Is this preventable with Windows controlled folder access (preventing apps ...
Ninja Dev
  • 121
1 vote
1 answer
2k views

I was wondering if it's possible to only store and read a ssh private key on a yubikey and not read the private key the yubikey generated from a client computer? Currently the only way it seems to ...
SneakyShrike
2 votes
0 answers
132 views

References: Yubico’s Take on U2F Key Wrapping https://www.yubico.com/blog/yubicos-u2f-key-wrapping/ Key generation https://developers.yubico.com/U2F/Protocol_details/Key_generation.html Discoverable ...
CyberMedics.org
2 votes
1 answer
600 views

OpenSSH 8.2 added -sk key types that allow for FIDO/U2F hardware authenticators (like a YubiKey, etc.) yubikey-agent allows for the same functionality, except it (a) requires an additional client on ...
angryserver
0 votes
0 answers
182 views

I am enhancing our login flow to include biometric verification via your phone. The user will log in to the desktop app but will have to verify their identity via their phone. We already have an app ...
Decrypter
  • 101
3 votes
1 answer
980 views

I'm starting to learn about the FIDO2 standard, and I'm wondering if this scenario is possible... Victim visits a credential harvesting page and enters their credentials Credential harvesting backend ...
Sean W.
  • 845
