Episode 0: Passkeys Runtime Arguments podcast

2M ago 46:44

Content provided by Jim McQuillan & Wolf and Jim McQuillan. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Jim McQuillan & Wolf and Jim McQuillan or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.

Show notes:

There are many scams, some to get your password(s), some just for money. Here's a sample list: https://www.experian.com/blogs/ask-experian/the-latest-scams-you-need-to-aware-of/

Lists of login methods:

Who implements Passkeys?

The three things that come together to make passkeys:

Using key pairs, like SSH: https://www.ssh.com/academy/ssh/public-key-authentication
Biometric authentication, you're already used to it from your phone
New User Interface "ceremonies"

Which password managers support passkeys?

1Password (our personal favorite)
Bitwarden
Dashlane
Google Password Manager
Keeper
NordPass
RoboForm

A little about password managers:

Almost any password manager is better than no password manager at all so do your research. Find the best one for you. Make sure it answers these questions:

Does it run on all the platforms you care about?
Does it have a pricing model you like?
Does it use a cloud service, or not, or of your choice, in a way that you like?
Does the password service itself have access to your keys?
What kind of secrets can it keep?
Passkey descriptions and implementation documents
- The FIDO alliance: https://fidoalliance.org/passkeys/
- Google (for developers): https://developers.google.com/identity/passkeys/developer-guides
- Apple (for developers): https://developer.apple.com/passkeys/

Wolf's top three personal digital security recommendations

Use a password manager (it should support passkeys). See above.
- Once you create a passkey for a specific service; change your previous password. The new one should be generated by your password manager and you should never use it unless you absolutely must.
Make sure your device is secure
- Use biometric authentication
- Have a strong password. Your password manager can generate one made from words. Easy to remember; hard to guess.
- Make sure you know how to force your device to require a password. You can be tricked or forced to authenticate biometrically. Law enforcement can't force you to reveal a password; and if you're careful, you can't be tricked out of it.
Be aware of your surroundings. Bad actors can "shoulder surf" and get your password, or cameras. It's just like the old days at the ATM. You don't want a person right behind you to see your PIN.

Hosts:

Jim McQuillan can be reached at [email protected]
Wolf can be reached at [email protected]

Dawn by nuer self, from the album Digital Sky

4 episodes