There are two types of passkey. Syncable and device-bound. (see https://fidoalliance.org/passkeys/). Theoretically, the device-bound passkeys never leave the device and users don’t have any access to it except to use it for authentication. The syncable type will first and foremost be synced by the platforms themselves (Google, Microsoft, and Apple), but eventually the 3rd-party password managers will be allowed to be sync providers, but possibly only on newly-released OSes.

As far as I know, the passkey implementations currently on Android and Windows are device-bound; they are not synced to the cloud.

It works for Google, Adobe, and Github for me, on Firefox; those are all the sites I use that support passkeys. It even works with Firefox on Android 13.

Do you have Windows hello enabled? You may want to investigate this more.

This is from the horse’s mouth: https://fidoalliance.org/passkeys/

It is a FIDO alliance protocol. This is meant to replace/supplement password, not as 2FA. The sites I use that implement it, Google, Adobe, and Github use it to supplant both the password and 2FA. Cool thing about it is more less: 1) unphishable 2) doesn’t matter if the website’s passphrase data leaks.

Good question. My bad.

And Tiktok!

Firefox ESR 102.15 & windows 11 (Hello) seem to work fine.

Yeah, neither seems likely any time soon.

Yeah, it spreads to everybody that is a “threat” to the power that be.

a person of interest

Thanks for the reminder.

article:

journalists, opposition politicians, and activists

wikipedia: pretty much anybody of interests of the people with the ability to acquire the service

journalists, lawyers, political dissidents, and human rights activists

scholars, bureaucrats (India)

politicians: head of stead (Iraq), mayors (Israel), associates (Israel), politicians (Israel), son of prime-minister (Israel), presidential candidate and associates (Mexico), prime minister (Morocco), King (Morocco)

government employees (Israel), government officials (Israel), ex government officials (Israel), military officials (Morocco)

employees of government-owned companies (Israel),

suspects (Israel), drug cartels (Mexico), criminal (Netherlands)

civil society members

heads of corporations (Israel)

Panama: foreign spying, including for spying on political opponents, magistrates, union leaders, and business competitors, with Martinelli allegedly going so far as to order the surveillance of his mistress using Pegasus.[5]

Thx. You don’t seem to be the only one.

In July 2022, Charlie Osborne of ZDNet suggested that individuals who suspect a Pegasus infection use a secondary device with GrapheneOS for secure communication.

https://www.zdnet.com/article/how-to-find-and-remove-spyware-from-your-phone/

Well, that’s most terrifying. Can you do anything about it except not using smartphones?

Yeah, no Google either. I heard Apple is currently spending over a million dollar a day for AI training. Soon, you’ll have something beyond Siri.

I wonder if, for Meta, being open-sourced wouldn’t fit the company with the rest. Also, for now, it looks like a publicity stunt with no real teeth. Those more substantial AI companies maybe holding out for more favorable treatments.

Opting out is likely impossible for people living outside the GDPR area right now.

They need those brain cells to combat the scams, and hence, less dementia. ;-)

Thanks. This could be a useful tool, but the scoring seems a bit “beta” at the moment. Still like the Recommended flair for Firefox better.

TLDR;

In November 2022, LastPass, a password manager service, suffered a data breach in which hackers stole password vaults containing encrypted and plaintext data for over 25 million users. Since then, there has been a series of cryptocurrency thefts targeting individuals in the tech industry, totaling more than $35 million. These thefts primarily targeted individuals deeply integrated into the cryptocurrency ecosystem, including employees of crypto organizations and venture capitalists.

Researchers, led by Taylor Monahan, CEO of MetaMask, have identified a common factor among these victims: they had previously used LastPass to store their “seed phrase,” which is a critical private key for accessing their cryptocurrency investments. Armed with this seed phrase, attackers can instantly access and transfer the victim’s cryptocurrency holdings.

The LastPass breach exposed vulnerabilities in its security, particularly related to the master passwords and encryption settings. LastPass users who stored important passwords, especially for cryptocurrency accounts, are urged to change their credentials immediately and migrate their crypto holdings to offline hardware wallets. Alternatives like 1Password, which offer additional security layers like a Secret Key, are recommended.

While the research suggests a strong link between the LastPass breach and the cryptocurrency thefts, it’s challenging to definitively prove causation. Nonetheless, security experts advise taking immediate action to protect digital assets.

How convenient. Now we can blame the “accidental” killing on the bots.

Don’t know for sure, but if this was posted in the privacy group, probably lots. OTH, from https://www.demandsage.com/gmail-statistics/ , there are 1.8 billion active gmail users, with 121 billion emails (probably including spams) sent a day. If you are using an Android phone (3.6 billion active phones worldwide) and not using custom ROM, you most likely are using Google services.