There are many scams, some to get your password(s), some just for money. Join us as we discuss a new way to protect your online accounts.
Show notes:
Lists of login methods:
- https://testdriven.io/blog/web-authentication-methods/
- https://www.logintc.com/types-of-authentication/
Who implements Passkeys?
- https://www.passkeys.com/websites-with-passkey-support-sites-directory
- https://fidoalliance.org/passkeys-directory/
- https://www.keepersecurity.com/passkeys-directory/
The three things that come together to make passkeys:
- Using key pairs, like SSH: https://www.ssh.com/academy/ssh/public-key-authentication
- Biometric authentication, you're already used to it from your phone
- New User Interface "ceremonies"
Which password managers support passkeys?
- 1Password (our personal favorite)
- Bitwarden
- Dashlane
- Google Password Manager
- Keeper
- NordPass
- RoboForm
A little about password managers:
Almost any password manager is better than no password manager at all so do your research. Find the best one for you. Make sure it answers these questions:
- Does it run on all the platforms you care about?
- Does it have a pricing model you like?
- Does it use a cloud service, or not, or of your choice, in a way that you like?
- Does the password service itself have access to your keys?
- What kind of secrets can it keep?
- Passkey descriptions and implementation documents
- The FIDO alliance: https://fidoalliance.org/passkeys/
- Google (for developers): https://developers.google.com/identity/passkeys/developer-guides
- Apple (for developers): https://developer.apple.com/passkeys/
Wolf's top three personal digital security recommendations
- Use a password manager (it should support passkeys). See above.
- Once you create a passkey for a specific service; change your previous password. The new one should be generated by your password manager and you should never use it unless you absolutely must.
- Make sure your device is secure
- Use biometric authentication
- Have a strong password. Your password manager can generate one made from words. Easy to remember; hard to guess.
- Make sure you know how to force your device to require a password. You can be tricked or forced to authenticate biometrically. Law enforcement can't force you to reveal a password; and if you're careful, you can't be tricked out of it.
- Be aware of your surroundings. Bad actors can "shoulder surf" and get your password, or cameras. It's just like the old days at the ATM. You don't want a person right behind you to see your PIN.
Hosts:
Jim McQuillan can be reached at jam@RuntimeArguments.fm
Wolf can be reached at wolf@RuntimeArguments.fm
Follow us on Mastodon: @RuntimeArguments@hachyderm.io
Theme music:
Dawn by nuer self, from the album Digital Sky
Host
Jim McQuillan and Wolf
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Crime Junkie
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by audiochuck Media Company.
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.