Tag

Fido2

All articles tagged with #fido2

security · 5 months ago

PoisonSeed Attack Downgrades FIDO2 MFA Using Novel Phishing Tactics

PoisonSeed threat actors are bypassing FIDO2 security keys by exploiting the cross-device sign-in feature in WebAuthn, tricking users into approving login requests from fake portals. This attack does not exploit a flaw in FIDO2 but abuses a legitimate feature, prompting organizations to implement additional security measures such as geographic restrictions and Bluetooth authentication. The attack highlights evolving methods to circumvent phishing-resistant authentication systems.

technology · 2 years ago

Google's Titan Security Keys: Revolutionizing Password-Free Authentication

Google has released two new versions of its Titan Security Key, featuring USB-C and USB-A connections, as well as NFC support. These keys are compatible with FIDO2 and can serve as two-factor authentication security for various online accounts. With the ability to hold over 250 unique passkeys, they offer a passwordless solution that goes beyond traditional two-factor technologies by using cryptography to verify the legitimacy of the key and protect against phishing attacks. Users can authenticate by connecting the key and verifying with a PIN, eliminating the need for passwords.

technology · 2 years ago

September Android Updates: Enhanced Security and Connectivity, Fixes Zero-Day Exploits

Google's September system updates include improvements to Android's support for the FIDO2 security standard, with the addition of PIN Protocol for added security. Google Wallet will also receive minor enhancements, such as new email preference settings and improved card management in Japan. The Play Store will introduce a new settings page to simplify survey choices.

technology · 2 years ago

Google's Quantum-Resistant FIDO Encryption Algorithm Unveiled

Google has announced the release of the first implementation of quantum-resistant encryption for FIDO2 security keys, which provide secure logins to websites without passwords. The implementation combines the elliptic curve digital signature algorithm (ECDSA) with a post-quantum algorithm called Dilithium. This hybrid approach aims to protect against future quantum attacks while also relying on the battle-tested ECDSA algorithm. The implementation is small enough to run on security keys' constrained hardware and offers improved signature speed. Google hopes to see this implementation standardized and supported by major web browsers to protect users' credentials against quantum attacks.

technology · 2 years ago

Google's Quantum-Resilient FIDO2 Key Implementation Ensures Data Security

Google has released the first open-source quantum-resilient FIDO2 security key implementation, using a unique ECC/Dilithium hybrid signature schema. As quantum computing advances, traditional public key cryptography becomes vulnerable to quantum attacks. To address this, Google combined the ECDSA algorithm with the Dilithium algorithm to create a hybrid signature approach. The implementation, developed by Google engineers, is compact and high-performing, making it suitable for security keys. Google hopes that this proposal will become a new standard supported by major web browsers, emphasizing the need for next-gen cryptography at an internet scale.

cybersecurity · 2 years ago

Beware of Latest Phishing Threats: Authenticators and Open Source Kits Vulnerable

Criminals are using software that sells for as little as $300 to deploy phishing campaigns that can bypass some forms of multi-factor authentication (MFA), including those that use time-based one-time passwords (TOTPs). The software, which is responsible for more than 1 million malicious emails each day, uses a technique known as adversary in the middle (AitM) to place a phishing site between the targeted user and the site they are trying to log in to. The most effective barrier to account takeovers is MFA based on the industry standard known as FIDO2.