How Chrome Handles FIDO2 Keys: Native Windows API vs Chrome-Managed WebAuthn
FIDO2 security keys offer passwordless and phishing-resistant authentication, and Chrome is one of the best browsers for testing and using…
May 6

Obfuscated Script inside an SVG file: A Deep Dive Into a Stealthy Redirection Attack
Recently, I encountered an intriguing and potentially dangerous piece of embedded code disguised as a seemingly harmless SVG file. What…
Apr 17

Practicalities of Using Passkeys with Entra ID: What You Need to Know
Passkeys are quickly becoming the modern, phishing-resistant replacement for passwords. Microsoft Entra ID (formerly Azure AD) has begun…
Apr 14

Disabling Removable Storage in Group Policy Does Not Affect FIDO2 Keys
Many organizations implement strict security policies to prevent unauthorized data transfers by disabling removable storage devices via…
Mar 19

Playing with Time Drift Tolerances in Entra ID: A Hands-On Experiment
Time drift — small discrepancies in time between systems — is a common challenge for authentication services, especially when relying on…
Mar 7

The State of FIDO2/Passkey Implementations: A Messy Reality
FIDO2 and Passkeys promise a future without passwords and free from phishing risks, offering phishing-resistant authentication with strong…
Feb 26

Why Are Some FIDO2 Credentials Visible as Passkeys and Others Not?
In the realm of phishing-resistant authentication, FIDO2 security keys and passkeys have become essential tools for enhancing online…
Feb 21

Passkey Implementations: How to Do It Right
In a previous blog post, “Adding a FIDO2 Security Key to Your Hotmail Account — A New Puzzle”, I discussed the mess surrounding passkey…
Feb 12

Adding a FIDO2 Security Key to Your Microsoft Account: A New Puzzle?
FIDO2 security keys are a fantastic way to secure online accounts, offering a convenient and highly secure alternative to traditional…
Jan 3

From Unlocked Gates to Smart Security: How a Raspberry Pi Fixed a Doorbell Disaster
I usually blog about cybersecurity — authentication protocols, phishing-resistant systems, and the like. But today’s post is a bit…
Dec 3, 2024