Going through Entra ID training modules. It has phone sign-in, windows hello, FIDO2 security key, and certificates as more secure. Can someone explain why that is? 2FA has been the standard for years. I'm aware sms can be compromised, is this now the case for authenticator apps as a whole as well? What makes the above listed different? submitted by /u/PaulTheMerc [link] [comments]
submitted by /u/digicat [link] [comments]
Explore Auth0's August 2025 product updates, featuring enhanced flexibility with passwordless connection switching and improved security through DPoP and TLS fingerprints.
Researchers at DEF CON 33 have disclosed a major vulnerability affecting passkey authentication, a method widely adopted to replace passwords. The flaw allows attackers to exploit browser-level weaknesses, intercept passkey registrations, and gain unauthorized access to banking, shopping, and enterprise SaaS accounts. With over 15 billion accounts passkey-enabled, this vulnerability could impact billions of users globally. Experts warn that malicious browser extensions or simple scripts can...
It is no secret that passwords are highly susceptible to phishing and brute force attacks. This led to the mass adoption of passkeys, a passwordless authentication method leveraging cryptographic key pairs that allows users to log in with biometrics or a hardware key. According to FIDO, over 15 billion accounts have been passkey-enabled, with 69%
arXiv:2508.11928v1 Announce Type: new Abstract: With the rise of sophisticated authentication bypass techniques, passwords are no longer considered a reliable method for securing authentication systems. In recent years, new authentication technologies have shifted from traditional password-based logins to passwordless security. Among these, Time-Based One-Time Passwords (TOTP) remain one of the most widely used mechanisms, while Passkeys are emerging as a promising alternative with growing...
submitted by /u/digicat [link] [comments]
We chat with friend of the pod and special guest Alex Gaynor, former chief technologist at the FTC and all around good Security Person(TM). Join for nerdery about WebAuthn, stay for accidentally melting down GitHub APIs around November 2020! Watch on YouTube: https://www.youtube.com/watch?v=gBoGvyvsSi4 Transcript: https://securitycryptographywhatever.com/2025/08/16/alex-gaynor Links: - https://knowyourmeme.com/memes/no-take-only-throw - https://alexgaynor.net/2025/jan/13/challenges-funding