This is why I use Linux, the fingerprint device wouldn't be supported so this wouldn't be an issue /s
Mmm yes security by non-functionality. A pillar of the modern cybersecurity framework.
Can't hack a brick 🤷
But you can use a brick to hack windows.
When you could have said crack, but instead said hack.
But you can use a brick to hack windows
yes indeed, the good ol' broken windows fallacy!
Something something Soviet Russia..
And this is why I am typing this on a 1921 Royal No. 10 typewriter.
Found Tom Hanks's Lemmy account.
Works for my webcam. Tbh I'd like someone to hack it, would mean they would've written drivers for it
It is called zero trust, killing functionalities is zscaler core business
The fun thing about Linux is your realize physical control is ownership. You can just throw a Bootable Linux image with some utilities and remove the password from a Windows account in a second. If you really need to keep something safe, it has to be encrypted.
I got a T80s and the sensor doesn't work. It's an 8th gen Intel machine, that's like four or five generations behind.
I've got a T440p and I just set it up through the menu in the KDE settings, it worked right out of the box.
Mine's not in libfprint, libfprint-tod, or libfprint-goodix. Running GNOME because I heard fprintd was easier to implement instead of KDE, which is usually my pref DE.
Nah I use fprint on my arch laptop so there is fingerprint login technology. Hopefully that doesn't have security vulnerabilities.
It has vulnerabilities for sure. But they haven’t been found because no one cares about hacking you or the 1 other person on earth that use Arch and fingerprint security.
Security by obscurity lol
Correct answer.
Using any form of biometric 'login' under the US's "justice" system is supremely ill-advised.
That's funny, on my XPS Windows crashed when I tried adding a fingerprint. Works flawlessly under Arch.
Today I was fucking around with this shit. I can't even update my distro, otherwise ecryptfs will go adios, and fingerprinting will be broken.
wouldn't be supported so this wouldn't be an issue
I did not expect that 😅
One of the major reasons I gave up on trying to run Linux on my laptop was lack of fingerprint reader support.
That would be a plus for me, actually. I never liked fingerprint authentication.
So YES, from someone who was asked to do fingerprint authentication in a sensitive environment (and had to refuse, even to the salespeople pested me)
You can choose not to use it even if Linux supports it.
Yup. I know that.
Then I really don't see how it's a plus. Smaller kernel size? lol
The plus is that I don't even need to think about it.
My phone tries to trick me to enable fingerprint authentication every few months. My laptop? Perfection.
How is not having support for something a plus for you? I swear to god, some Linux users are so stuck up.
Where to start....
My dumb TV doesn't support smart features. A plus.
My coffee maker doesn't support wifi. A plus.
My games don't support in-app purchases. A plus.
My windows 10 laptop (did you read that?! Whaaat, I'm not a Linux user???!!!) doesn't support Windows 11. Major plus.
My MacBook's OS version (no way!!!) doesn't support unnecessary FaceTime features. A plus.
What TV did you get that doesn’t have smart features?
I looked, but all the ones I could find were 1080p, no HDR, and either tiny or made for commercial/industrial installation.
I got a Sceptre one a few years ago. Okay quality, terrible speakers (though an external soundbar takes care of that.)
"what, you dont want to use the new door lock made from soggy white bread? You deadbolt losers are so stuck up"
fingerprint login is not secure. period. Being stuck in using a password login is a plus
You could just disable fingerprint login, though.
Sure, but that's not the point of the conversation. The point is that some stranger is judging a whole community for the preference of one single person who may or may not belong to said community.
I have a Microsoft fingerprint reader that works fine on Linux lol
It stopped working when I uninstalled Edge, and so did the face recognition. So it depends on WebView or some shit. Pretty sure it’s Microsoft's way of getting around the new EU regulations and hastily integrating the browser into everything, regardless of it making sense or improving security. like they did with 98 after the browser anti-competitiveness lawsuit.
Wtf. It shouldn't even need those permissions. All it needs to do is scan if the fingerprint it stores matches you.
It uses web view for web authentication for registering your Hello PIN to your Microsoft account. So it's by design on Microsoft's end. You can then use the Windows Hello credential as a passkey but if you don't want that, you'd need another solution for biometric auth.
Still, that does not explain the Edge dependency. Lots of programs can communicate with their respective servers without browser technology.
It kinda does though, if you look at it from a speed/competency aspect. I'm more and more convinced that the people who build out features only have tangential ideas on how it integrates into the overall system, so just throwing a browser at every problem gets you a cookie cutter backend with APIs and let's you shove half baked features out the door without having to figure out how to wrap data in protocols since you just hand your payload so the browser and wait for a response.
Oh sweet summer child. No. That would have been the intelligent approach. It could have been fast and secure but it wouldn’t have had all that delicious telemetry nor taken another step towards charging you rent just to use your computer.
They locked it behind two online services. Welcome to the new Microsoft. If it doesn’t include charging you rent or using you & your private information to train a large ai model. They don’t care.
hastily integrating the browser into everything, regardless of it making sense
So software development in general in the last couple of years?
Yes. JavaScript is famously the best programming language ever, so why not? /s
Reading the article it doesn’t sound like it’s Microsoft’s issue but the vendor’s implementation and lack of using the secure communication protocol.
it sounds like microsoft's own laptops dont implement the spec properly!
Microsoft doesn't make fingerprint readers.
Yea, but they sourced the parts from a vendor, and still didn't make sure the vendor was properly following the spec.
Just goes to show how complicated it can be!
Not sure why you being downvoted, one of the three laptops they cracked was a Surface. Of course Microsoft doesn’t “make it” but very few tech brands actually manufacture the hardware. By the way the Surface was sufficiently different in its design from the others that hints it’s a custom build anyway, not just an off label hardware with Microsoft stamped on it.
Microsoft has marketed surface pro type covers with a fingerprint reader. I use one at work.
Edit: lots of opinions below. Biometrics are a username, a thing you are. Finger printed can be taken from your laptop with a little powder and masking tape.
Use an authentacator app or security key kids!!
Better put would be stop using biometrics for single factor authentication. A token can be stolen, or a passcode/push notification can be phished/bypassed as easy as biometrics can.
Biometrics are two factor, because you need the fingerprint and the device they unlock.
You can't use the device without the fingerprint and you can't take someone's fingerprint then use them from a different device.
You are not wrong, but you we should understand what class of attacks we are protecting against. Will biometrics stop your maid from using your device? Probably less. Will it stop the FBI? Not so sure.
Now, you may say, an FBI raid is not what you worry about on a daily basis. Agree.
If you are trying to keep the photos on your device safe from snooping, your good. Attacker needs the device and your fingerprint.
When we talk online accounts, I'd count device+fingerprint as one factor. Sure, the maid from the example above can't login into your gmail without your fingerprint, but most attacks are online. Your device sends a token to gmail, a cookie, a String; that's like a password. One factor.
Technically, it's slightly better than a password, because this token can be short-lived (although often it's not), could be cryptographic signature to be used exactly once (although...), you cannot brute-force guess the token.... But IF the token leaks, the attacker has full access (or enough to cause damage).
That's why I would suggest an independent second factor, such as password. Yes, a password. Not for your daily routine (biometrics+device is much better), but maybe for high-risk operations.
Will biometrics stop your maid from using your device? Probably less. Will it stop the FBI? Not so sure.
A sufficiently motivated maid will be able to do it. The FBI eats that kind of stuff for breakfast.
The good news? You can use ordinary gloves, no need for tinfoil.
No, wrong. Still two factor because your fingerprint plus your device.
These authentication methods aren't as simple as the two factor Google Authenticator 6 digit number. They are cryptographically secure keys. Even if someone finds out what the token is, they still cannot send a valid request because they cannot generate a digitally signed request using the private key locked in your device's hardware, unlocked by your biometrics.
Passwords are inherently insecure and relatively easy to break. Digital signatures and secure tokens are almost unbreakable
You're right. By most definitions of MFA biometrics would pass. A biometric is something you are, and the device is something you have. My comment is more for privacy zealous people, who are concerned that they could be compromised by governments without a "something you know" component.
In Doom I had to rip off a dudes arm to gain access to the security controls on core cooling shutdown. If you don’t want to lose an arm to stop a demon horde, you’re better off just using your girlfriend’s fingerprints
Exactly the point I'm trying to make!!
No… I get it totally. That why I know my girl’s worth my time, she’s willing to potentially give up her arm for me to still play DOOM 8 days a week
A username is not something "you are", it's something "you know". Biometrics are not nearly the same as usernames.
A username is something you are. It's you! You are 0xD.
A password is something you know.
A security key is something you have.
When we interview security analysts you don't get past the first round if you disagree.
If your interview involves telling me a username is "something you are" rather than "something you know", I'm running away from that job as fast as I can.
Other people know your username.
How hard is this?
I guarantee you I know thousands of people's passwords as well, I just don't know the username associated.
By this same logic, other people could know your fingerprint since it's "something you are". No, other people cannot know your fingerprint. It's a complex mathematical equation to a computer. This is such a terrible take.
Source: CASP+ certified.
No, this username is one of the names I've chosen for the accounts I use on lemmy. It does not identify me, it identifies the lemmy accounts that I just so happen to know the password for. I was just about to create an account with your username on another instance but meh, that's too much work. Just imagine me having done that and think about what you just wrote.
I would be vary of the people agreeing with you on something so basic yet so wrong.
An authentication factor is a unique identifier that shows that you possess something that others don't. Biometrics are something you are because your fingerprints, your retinas, or your DNA are (mostly) unique to you. A security key is something you have because unique cryptographic material is saved on the hardware device that cannot be replicated somewhere else (which is why many mobile authenticators really aren't). And a password is something you know because... Bla bla bla.
To be pedantic, a username is not a factor in this sense at all; It is an identifier for an account that you have to prove authorization for by presenting some kind of factor, sometimes multiple.
Exactly, it's fundamentally insecure.
As with all things security, it depends entirely on your thread model and the value of what you’re trying to protect.
Biometrics can be a much more secure option than using a PIN or password, depending in circumstances.
For example: when I’m working on my laptop on the train or in a coffee shop and I need to log into some website I’d rather use my fingerprint to unlock the passkey than type in a password in a public place where I have no idea who is observing me entering my password.
Same goes for paying with your phone, you can either enter your phone PIN in a crowded supermarket or you unlock with FaceID.
Also, for phones, for a lot of people the alternative to biometrics wouldn’t be a PIN, it would be no authentication whatsoever. Biometrics lowers the barrier to having a form of authentication at all.
for a lot of people the alternative to biometrics
Full password Android user representing here... It's surprising how few people bother to even stop any amount of snooping on their phones. but I guess it's only surprising in that I wished more from society in general.
Can you explain how?
Biometrics can be spoofed, or the body part stolen in extreme cases.
Also, in the US at least, biometrics aren't protected by the same rights that allow you to not incriminate yourself. IIRC they're considered a thing you have, which you can be compelled to surrender or use to unlock a device, vs something you know (like a password or pattern) which you can withhold if it would be incriminating. Check with a lawyer on this one, I haven't paid attention to the case law here for a bit.
If someone is stealing my body parts, what they access on my devices is the least of my worries!
They don't have to be stolen. Imagine some clever thief drugging your drink, then when you're incapacitated they take your phone and press your finger to it or hold it up to your face to unlock it, then transfer all your money out of Venmo or whatever money transfer app you have on your phone.
The comment I replied to said stolen, which is what I was getting at.
There’s also nothing to stop someone watching over your shoulder to see your PIN for your phone/laptop. Nothing is infallible.
God, the shit people dream up to worry themselves about. Nobody is drugging you to unlock your phone.
Really? Would be up there for me. Sucks to miss a finger or eyeball, but if they've also drained my bank account and my credit card - I'm going to be even more pissed for sure.
Ask OPM how they plan on getting my fingerprints back.
How are biometrics fundamentally insecure?
If it is low detail enough to consistently 'work', it isn't complex enough to be better than something like a chip and pin approach.
They are repeatedly bypassed with easy hacks like silly putty and photographs. People's biometrics are not unchanging. Burned fingers, swollen eyes, and sore throats are things that can change enough to make biosecurity unreliable. That is before cold and heat and how they effect biological things!
That is all before you take into account the fact that some people don't have whatever is being used. Have fun using eye based biosecurity on someone with cataracts or is missing their eyes entirely due to injury or just being born without them fully developed. Or they have a physical issue that makes it hard for them to interact with the bio reader. Stephen Hawking needing to lean towards a mounted eye scanner would be impossible for example.
So either you have mediocre security that allows for a lot of false positives to get through or you end up having to add a bypass system for when it fails, and now you have two ways that security can be defeated! A non-biological solution with two factor authentication of an item and a PIN or other knowledge piece is far more secure than biosecurity can ever be.
So already insecure, but in addition to that anyone with physical access to the person can force them to do the biosecurity. Police are able to force someone to put their finger on their phone, or look at the screen for a face unlock. Maybe they aren't legally able to, but it is a good example of not being secure.
I couldn't have said it better.
Not to mention that a company could easily harvest this information, just look at FTC for example.
Well I could have, but simply chose not to.
Me too!
They aren't 100% reliable and it has its' challenges based on its implementation but I wouldn't consider it fundamentally insecure. It's as secure as a NFC token, TOTP, or a push notification as a form of authentication. It's like birth control, no method is 100% safe and effective, but plain username and password auth is like pulling out, anything is better than that.
Biometrics are perfectly fine! We probably don't even live in the same country, I'm not going to get a hold of your fingerprints.
There seems to be a fundamental misunderstanding of what the biometrics actually do. The biometrics only unlock the device and give access to the security key. Once unlocked it's exactly the same as using a yubikey, and far better than an authenticator app, as they use a crypto key, not a 6 digit number.
Well
The biometrics only unlock the device
Yes
and give access to the security key
This is the goal, sure, but what does this actually mean on device that's mostly governed by software?
There's a chip (like a yubikey) in the device that can hold cryptographic keys.
That's good because the key cannot (easily) be extracted from the device.
That's good as long as no one has physical access to your device.
With physical access, you hope that the device's unlock mechanism is reasonably secure. That's biometrics OR password/pin.
The 'or' is the problem. For practical reasons you don't want exactly one method hard-wired. You have a fingerprint scanner (good enough), the secure element (good enough) and lots of hard- and software in between (tricky).
I'm not against biometrics (to unlock a device) because it's convinient and much better than not locking the device at all. I'm also not against device trust (which you need if you want to store crypto keys sonewhere without separate hardware), but the convience of a single-device solution (laptop or phone) comes with a risk.
If an attacker can bypass the unlock method or trick you into unlocking or compromise the device, your secrets are at risk. Having the key stored in the secure enclave (and not in a regular file on the hard disk) prevents copying the key material, but it does not prevent using the key when the attacker has some control over the (unlocked) device.
A yubikey is more secure because it's tiny and you can carry it on your keychain. The same chip inside your laptop is more likely to fall into the hands of an attacker.
If someone has physical access to you and your device, they are getting in
Microsoft’s Offensive Research and Security Engineering (MORSE) asked Blackwing Intelligence to evaluate the security of fingerprint sensors, and the researchers provided their findings in a presentation at Microsoft’s BlueHat conference in October.
The team identified popular fingerprint sensors from Goodix, Synaptics, and ELAN as targets for their research, with a newly-published blog post detailing the in-depth process of building a USB device that can perform a man-in-the-middle (MitM) attack.
Blackwing Intelligence researchers reverse engineered both software and hardware, and discovered cryptographic implementation flaws in a custom TLS on the Synaptics sensor.
The complicated process to bypass Windows Hello also involved decoding and reimplementing proprietary protocols.
The researchers found that Microsoft’s SDCP protection wasn’t enabled on two of the three devices they targeted.
Blackwing Intelligence now recommends that OEMs make sure SDCP is enabled and ensure the fingerprint sensor implementation is audited by a qualified expert.
The original article contains 474 words, the summary contains 145 words. Saved 69%. I'm a bot and I'm open source!
... Did that say "custom implementation of TLS"?
That's like... The first rule of security. You don't roll your own cryptographic implementation. Like, first you're told that, then they tell you the difference between security and obscurity, say both those things in bold, and continue with whatever beginner topic
im all for the something you have + something you are , pb&j relationship, but i dont think lathering biometrics on top is a good idea,far too many spy movies have shown Tom Cruise doing the MOST for pictures of eyeballs and fingerprints for me to ever trust this type of auth
The main issue with biometrics is that you can't change them. If your fingerprints or retina are compromised you're fucked.
Unless I meet you in person, I'm not going to get your biometrics. The point of these is to protect your accounts from the global Internet.
And yet, as a service member that was part of the 2013 OPM data breech, my finger prints (and an estimated 5.5 million other peoples) were part of the dataset that was stolen.
So... What's your point about "Global Internet"? If my data was stolen, and sent to the "Global Internet"(The fuck does this even mean?)... There's no functional difference to an exposed password.
My point is that I'm not worried about the relatively few people who could steal my fingerprint. I'm worried about the millions of people around the world who will try to steal my passwords and access my online accounts.
If everyone secured their accounts with a biometrically secured security key, they would be far more secure than if they continue to just use a password.
Tgose who go around spreading misinformed FUD over biometrics ensure people who don't know better continue to use weak passwords.
Even if someone gets your fingerprints from the OPM breach still can't use them because they also need your phone. You are still protected from all of the hackers around the world.
My point is that I’m not worried about the relatively few people who could steal my fingerprint.
This group is much larger than you're assuming.
I’m worried about the millions of people around the world who will try to steal my passwords and access my online accounts.
Bio doesn't stop people from setting bad passwords.
If everyone secured their accounts with a biometrically secured security key, they would be far more secure than if they continue to just use a password.
Except you should know better than this... They will simply do BOTH. Set a terrible password because they will be required to make one from the get-go AND use bio. There is no service on the face of the planet that strictly accepts tokens from Bio tools. Simply using Bio doesn't stop those online from bruteforcing the underlying password.
Tgose who go around spreading misinformed FUD over biometrics ensure people who don’t know better continue to use weak passwords.
No. I "Spread FUD" because I understand that a good password MUST be revocable. Which Bio CANNOT be. Bio is a username.
Even if someone gets your fingerprints from the OPM breach still can’t use them because they also need your phone. You are still protected from all of the hackers around the world.
No... I'm protected because I use functionally impossible passwords to break that are truly randomly generated and of sufficient length. Further to protect things I use a Yubikey, when supported. Further I use services that monitor breeches and actively change those affected passwords. Bio adds nothing to my protection and in my case (and the case of millions of other people) would actively hinder it.
You have the premise backwards though. It's now, if someone has your device at all... you cannot presume it to be capable of securing anything since your prints are likely on the device itself anyway, oops...
There is no service on the face of the planet that strictly accepts tokens from Bio tools. Simply using Bio doesn't stop those online from bruteforcing the underlying password.
No. I "Spread FUD" because I understand that a good password MUST be revocable. Which Bio CANNOT be. Bio is a username.
Incorrect because your bio is not the password, the private key is. The private key is revocable. Your bio just unlocks your hardware key store and makes the private key accessible to the software.
This is what I mean when I say people do not understand biometric authentication.
Once you remove your password from your account, you will need to sign in using a passwordless method like the Microsoft Authenticator app, Windows Hello, physical security keys, or SMS codes.
SMS
So which 2fa method do we NEVER ask users to use anymore? You know... because lying to a phone carrier and getting a new sim card sent to someone who isn't on the account is the hardest thing in the world to do! Or cloning a sim card.
Windows Hello
Which just had some leaks about how insecure it is.
You're going to have to do way better than this...
Regardless all three of these would then rely on your specific device to login, which MUST have a recovery method. Since you know... devices break, get reformatted, etc... What does that process look like? With a password... I simply change the password. Can you guarantee that I can revoke the key and replace it without having to buy new hardware?
They sync shit using iCloud... The private key is not secure. I don't care what your argument is if it's in relation to apple. If you need further argument on this topic... Just look at all the leaked videos from Tesla cars. Big companies DO NOT DESERVE YOUR TRUST.
Incorrect because your bio is not the password, the private key is. The private key is revocable. Your bio just unlocks your hardware key store and makes the private key accessible to the software.
And you say I don't have an understanding... It doesn't matter how many keys deep you have to go. If the end of the line is an item that has been compromised, it DOESN'T MATTER how many steps you take after that. The compromised item is already obtained when you obtained the device.
Now... Can you tell me the process to revoke the private key from your fingerprint reader on your phone? You claim it's revocable. Revoke it. Show me. I'll wait. Can you prove that the blob in your phone is doing that? These chips are written once at the manufacturer with no oversight or validation. I'm not an idiot. I know your literal fingerprint isn't sent up to the cloud. It's used to tell a local chip to authenticate a public key against the private one contained within that typically never leaves the chip (except that the passkey standard actually allows key mobility, so it's actually worse than the FIDO standard that it's built upon). It's a blob that you have no insight into and no control over.
If I were to bump into you, and lift your phone. I'd likely have your fingerprint just by lifting it off your phone and can sign into your phone. That's it... It's like you didn't have a password at all because I simply HAVE it. I've found that theft is actually much greater risk in my life than my digital footprint. But that's only because I can actually mitigate the digital stuff by not being retarded and putting everything into the internet. Theft on the other hand... Can't do much about someone who willingly knocks me the fuck out (gasp! the XKCD comic strikes again!). But I can make sure that if they knock me the fuck out, they don't just get to take my shit and unlock it without my brain remaining functional.
None of that even matters. This is a chain of trust that I can't actually audit... So it's worthless. This requires that I trust Google (android), Samsung(or other device manufacturer), their vendors(whoever makes the fingerprint reader), etc... You know who I have to to trust for my password? My password manager and myself. The fun part is that my password manager is actually audited... and opensource, AND I've looked at it enough to be happy with it. Who audited Windows Hello? https://www.theverge.com/2023/11/22/23972220/microsoft-windows-hello-fingerprint-authentication-bypass-security-vulnerability Ooops.
It's funny, because you know what this does to authentication? It puts all the power into another companies hands... and takes ALL of it out of yours. Which is interesting that someone on Lemmy is gung-ho about this.
Let's look at a real world example of something you might ACTUALLY have to do. You're crossing the border into a country. You have data you really don't want the government snooping into like hot nudes from your significant other. So you wipe your device before you cross the border to ensure the government can't violate your rights. Oops, you no longer can access ANY account you own because you relied on that device to be what unlocks everything.
Also, whats more likely... that you break a device or that a user CANNOT learn how to use a password manager?
Edit: For shits and giggles I logged into my Google account to see what the passkey setup even looks like for them... Turns out that it's automatically created keys for devices I've logged into... Including devices I don't own anymore.
Really secure that is! Nothing screams security like creating methods to access my account without my fucking knowledge. What a joke.
Which just had some leaks about how insecure it is.
Windows Hello didn't. The hardware wasn't implemented correctly allowing the authentication to be bypassed. You misunderstood the issue here
They sync shit using iCloud...
They sync the public key with iCloud, not the private key. You misunderstood how it works.
It doesn't matter how many keys deep you have to go.
There is no "keys deep" there is a public/private key pair that authenticates a single device with a single account. You have misunderstood how a local key store works.
The compromised item is already obtained when you obtained the device.
Which means someone trying to access my account requires physical access to my device. Passwords, no matter how strong leave you open to remote attack.
Can you tell me the process to revoke the private key from your fingerprint reader on your phone?
Open the authencator app and remove the account. Or uninstall the authenticator app. Or delete your local phone account. Or factory reset if you want to go nuclear.
Alternatively if you lost your phone, go to the account online. Browse to the security section and delete the device from the list. Most services have the ability to sign out remotely. All that's doing is revoking the key. The phone doesn't have to do anything. The fact you think something needs change in the "blob" shows you do not understand how encryption works.
If I were to bump into you, and lift your phone.
Again physical access, not remote access. Much smaller attack vector than a password.
It puts all the power into another companies hands... and takes ALL of it out of yours.
You think passwords take power from the company that stores your passwords remotely? You have no idea how they are storing that password. You don't have to trust the company, you just have to trust the open standard these companies are implementing and that public/private key encryption is the standard used to secure the entire Internet.
Also, whats more likely... that you break a device or that a user CANNOT learn how to use a password manager?
Virtually no one uses a password manager. It's too much hassle.
Windows Hello didn’t. The hardware wasn’t implemented correctly allowing the authentication to be bypassed. You misunderstood the issue here
Except I didn't. I outlined a real fucking issue and you're waiving it away without addressing how it's wrong. You realize that Microsoft's own branded laptops have this issue right? If Microsoft cannot create a product that isn't compromised to their own standard then don't you think there's a problem with it?
Here's the relevant quote if you would have read the article instead of yapping about how "I" don't know anything and misunderstand everything.
and Microsoft Surface Pro X all fell victim to fingerprint reader attacks
If Microsoft can't implement their own security standard of Windows Hello. You CANNOT trust it to do anything reasonable let alone be secure. Period.
They sync the public key with iCloud, not the private key. You misunderstood how it works.
You cannot validate a public key without a private key to sign for it, public keys are definitionally public and cannot be used to secure anything. This is like saying that the key in you see in an SSL cert is the only thing you need to prove you're the server... Not even close. You MUST have the private key for the sync to do anything useful. I've misunderstood nothing. The alternative here is that one device simply signs or validates another device being added so now there's 2 sets of keys to an account... The more passcodes/passwords that can access an account the more likely someone can bruteforce in. Either way this becomes more and more of a risk.
There is no “keys deep” there is a public/private key pair that authenticates a single device with a single account. You have misunderstood how a local key store works.
I've not, because I've explained literally in the same post how it actually works. You're being obtuse.
Open the authencator app and remove the account. Or uninstall the authenticator app. Or delete your local phone account. Or factory reset if you want to go nuclear.
This assumes you trust the chip.... which implies trust in the manufacturer, parts vendors, and software lying on top of it.
Alternatively if you lost your phone, go to the account online.
You can't... you've lost your phone to authenticate you into the account. Actually... better yet, login to your google account now... Head over to "your devices", looking at mine, I see 2 devices in there that it REFUSES to let me remove.
All that’s doing is revoking the key.
Yes... a Session key... Not public/private key. You can simply use the same public/private keys to instantiate a new session! And since you've lost your phone and can't authenticate yourself anymore... The person who found your phone certainly can.
Again physical access, not remote access. Much smaller attack vector than a password.
So you've chosen to limit one vector of attack at the risk of completely opening another one... Genius! Especially in this day and age where first party repair shops regularly get found out for stealing customer data...
You think passwords take power from the company that stores your passwords remotely? You have no idea how they are storing that password. You don’t have to trust the company, you just have to trust the open standard these companies are implementing and that public/private key encryption is the standard used to secure the entire Internet.
Companies store password hashes... not the passwords remote... and you want to tell me I don't understand cryptography. Since passwords are transparent and known to me... I can take actions based on that. I can prove that keys aren't being shared across different platforms, etc... I can see exactly what's being passed because I'm the one passing it.
And remember... these companies fuck up regularly.
Virtually no one uses a password manager. It’s too much hassle.
So there's no password manager built into browsers... and companies that don't make millions providing that exact service? Lastpass, Bitwarden, dashlane, etc?
I'll stick to passwords that I can track and operate(which are likely to be more secure than whatever data they're passing as a key). I'll stick to actually functional 2fa tokens via TOTP, and yubikey (which doesn't have sole access to do anything on it's own, unlike a phone). I will not give up my passwords. Trading off 100% of your physical security for what is arguably at worst sidegrade in digital security seems insane to me.
I realize I made an edit to my previous post you might not have seen. Please refer to that as well. But finally I noticed you've completely skipped answering any of the actual scenarios I've posted. Almost like you realize that there's a huge flaw here...
Lastly... I actually taught, researched, and created cryptography at an academic level for a while. I have a feeling I have a deeper knowledge of cryptography than most people do. If you still want to tell me I "misunderstand" everything I would suggest you actually go through my post and actually address the problems I've brought up, then realize that yes... "passkeys" can minimize risk for those who do passwords lazily... but well done passwords and 2fa, are significantly better than passkeys alone. Forcing people into passkeys forces people to only operate under a specific platform that must be trusted to work further eliminates other valuable security features in the process as well. As someone who's security conscious... as you present yourself to be... you should not be de-facto trusting these organizations at all... but for some reason you are. And that's odd.
It doesn't need to be physical breach. If it's stored somewhere it can (and might) be accessed by someone else and reconstructed.
And still useless unless they also steal your phone. You are still safe from the hackers on the other side of the planet
The Surface Pro X has a fingerprint reader? Is it on the keyboard or something? Mine sure doesn't have one.
This is why I use Linux, the fingerprint device wouldn't be supported so this wouldn't be an issue /s
Mmm yes security by non-functionality. A pillar of the modern cybersecurity framework.
Can't hack a brick 🤷
But you can use a brick to hack windows.
When you could have said crack, but instead said hack.
yes indeed, the good ol' broken windows fallacy!
Something something Soviet Russia..
And this is why I am typing this on a 1921 Royal No. 10 typewriter.
Found Tom Hanks's Lemmy account.
Works for my webcam. Tbh I'd like someone to hack it, would mean they would've written drivers for it
It is called zero trust, killing functionalities is zscaler core business
The fun thing about Linux is your realize physical control is ownership. You can just throw a Bootable Linux image with some utilities and remove the password from a Windows account in a second. If you really need to keep something safe, it has to be encrypted.
The one on my Thinkpad works just fine :)
I got a T80s and the sensor doesn't work. It's an 8th gen Intel machine, that's like four or five generations behind.
I've got a T440p and I just set it up through the menu in the KDE settings, it worked right out of the box.
Mine's not in libfprint, libfprint-tod, or libfprint-goodix. Running GNOME because I heard fprintd was easier to implement instead of KDE, which is usually my pref DE.
Nah I use fprint on my arch laptop so there is fingerprint login technology. Hopefully that doesn't have security vulnerabilities.
It has vulnerabilities for sure. But they haven’t been found because no one cares about hacking you or the 1 other person on earth that use Arch and fingerprint security.
Security by obscurity lol
Correct answer.
Using any form of biometric 'login' under the US's "justice" system is supremely ill-advised.
That's funny, on my XPS Windows crashed when I tried adding a fingerprint. Works flawlessly under Arch.
Today I was fucking around with this shit. I can't even update my distro, otherwise ecryptfs will go adios, and fingerprinting will be broken.
I did not expect that 😅
One of the major reasons I gave up on trying to run Linux on my laptop was lack of fingerprint reader support.
That would be a plus for me, actually. I never liked fingerprint authentication.
So YES, from someone who was asked to do fingerprint authentication in a sensitive environment (and had to refuse, even to the salespeople pested me)
You can choose not to use it even if Linux supports it.
Yup. I know that.
Then I really don't see how it's a plus. Smaller kernel size? lol
The plus is that I don't even need to think about it.
My phone tries to trick me to enable fingerprint authentication every few months. My laptop? Perfection.
How is not having support for something a plus for you? I swear to god, some Linux users are so stuck up.
Where to start....
My dumb TV doesn't support smart features. A plus.
My coffee maker doesn't support wifi. A plus.
My games don't support in-app purchases. A plus.
My windows 10 laptop (did you read that?! Whaaat, I'm not a Linux user???!!!) doesn't support Windows 11. Major plus.
My MacBook's OS version (no way!!!) doesn't support unnecessary FaceTime features. A plus.
What TV did you get that doesn’t have smart features?
I looked, but all the ones I could find were 1080p, no HDR, and either tiny or made for commercial/industrial installation.
I got a Sceptre one a few years ago. Okay quality, terrible speakers (though an external soundbar takes care of that.)
"what, you dont want to use the new door lock made from soggy white bread? You deadbolt losers are so stuck up"
fingerprint login is not secure. period. Being stuck in using a password login is a plus
You could just disable fingerprint login, though.
Sure, but that's not the point of the conversation. The point is that some stranger is judging a whole community for the preference of one single person who may or may not belong to said community.
I have a Microsoft fingerprint reader that works fine on Linux lol
It stopped working when I uninstalled Edge, and so did the face recognition. So it depends on WebView or some shit. Pretty sure it’s Microsoft's way of getting around the new EU regulations and hastily integrating the browser into everything, regardless of it making sense or improving security. like they did with 98 after the browser anti-competitiveness lawsuit.
Wtf. It shouldn't even need those permissions. All it needs to do is scan if the fingerprint it stores matches you.
It uses web view for web authentication for registering your Hello PIN to your Microsoft account. So it's by design on Microsoft's end. You can then use the Windows Hello credential as a passkey but if you don't want that, you'd need another solution for biometric auth.
Still, that does not explain the Edge dependency. Lots of programs can communicate with their respective servers without browser technology.
It kinda does though, if you look at it from a speed/competency aspect. I'm more and more convinced that the people who build out features only have tangential ideas on how it integrates into the overall system, so just throwing a browser at every problem gets you a cookie cutter backend with APIs and let's you shove half baked features out the door without having to figure out how to wrap data in protocols since you just hand your payload so the browser and wait for a response.
Oh sweet summer child. No. That would have been the intelligent approach. It could have been fast and secure but it wouldn’t have had all that delicious telemetry nor taken another step towards charging you rent just to use your computer.
They locked it behind two online services. Welcome to the new Microsoft. If it doesn’t include charging you rent or using you & your private information to train a large ai model. They don’t care.
So software development in general in the last couple of years?
Yes. JavaScript is famously the best programming language ever, so why not? /s
Reading the article it doesn’t sound like it’s Microsoft’s issue but the vendor’s implementation and lack of using the secure communication protocol.
"vendors implementation" rings immediate alarm bells...
it sounds like microsoft's own laptops dont implement the spec properly!
Microsoft doesn't make fingerprint readers.
Yea, but they sourced the parts from a vendor, and still didn't make sure the vendor was properly following the spec.
Just goes to show how complicated it can be!
Not sure why you being downvoted, one of the three laptops they cracked was a Surface. Of course Microsoft doesn’t “make it” but very few tech brands actually manufacture the hardware. By the way the Surface was sufficiently different in its design from the others that hints it’s a custom build anyway, not just an off label hardware with Microsoft stamped on it.
Microsoft has marketed surface pro type covers with a fingerprint reader. I use one at work.
https://www.microsoft.com/en-us/d/surface-pro-type-cover-with-fingerprint-id/8x1n09mrq5d0?activetab=pivot:overviewtab
Sounds like Microsoft doesn’t make anything
Stop using biometrics for authentication!!!!!
Edit: lots of opinions below. Biometrics are a username, a thing you are. Finger printed can be taken from your laptop with a little powder and masking tape.
Use an authentacator app or security key kids!!
Better put would be stop using biometrics for single factor authentication. A token can be stolen, or a passcode/push notification can be phished/bypassed as easy as biometrics can.
Biometrics are two factor, because you need the fingerprint and the device they unlock.
You can't use the device without the fingerprint and you can't take someone's fingerprint then use them from a different device.
You are not wrong, but you we should understand what class of attacks we are protecting against. Will biometrics stop your maid from using your device? Probably less. Will it stop the FBI? Not so sure.
Now, you may say, an FBI raid is not what you worry about on a daily basis. Agree.
If you are trying to keep the photos on your device safe from snooping, your good. Attacker needs the device and your fingerprint.
When we talk online accounts, I'd count device+fingerprint as one factor. Sure, the maid from the example above can't login into your gmail without your fingerprint, but most attacks are online. Your device sends a token to gmail, a cookie, a String; that's like a password. One factor.
Technically, it's slightly better than a password, because this token can be short-lived (although often it's not), could be cryptographic signature to be used exactly once (although...), you cannot brute-force guess the token.... But IF the token leaks, the attacker has full access (or enough to cause damage).
That's why I would suggest an independent second factor, such as password. Yes, a password. Not for your daily routine (biometrics+device is much better), but maybe for high-risk operations.
A sufficiently motivated maid will be able to do it. The FBI eats that kind of stuff for breakfast.
Once upon a time, the then German minister of the interior wanted to collect all kinds of biometric data, in passports, in fully connected databases, whatnot. The CCC went ahead and swiped his print off a glass at a reception and published a DIY version to impersonate him in their magazine. Fingerprint authorisation is the security equivalent of a sticky note with your password on your coffee mug.
The good news? You can use ordinary gloves, no need for tinfoil.
No, wrong. Still two factor because your fingerprint plus your device.
These authentication methods aren't as simple as the two factor Google Authenticator 6 digit number. They are cryptographically secure keys. Even if someone finds out what the token is, they still cannot send a valid request because they cannot generate a digitally signed request using the private key locked in your device's hardware, unlocked by your biometrics.
Passwords are inherently insecure and relatively easy to break. Digital signatures and secure tokens are almost unbreakable
You're right. By most definitions of MFA biometrics would pass. A biometric is something you are, and the device is something you have. My comment is more for privacy zealous people, who are concerned that they could be compromised by governments without a "something you know" component.
In Doom I had to rip off a dudes arm to gain access to the security controls on core cooling shutdown. If you don’t want to lose an arm to stop a demon horde, you’re better off just using your girlfriend’s fingerprints
Exactly the point I'm trying to make!!
No… I get it totally. That why I know my girl’s worth my time, she’s willing to potentially give up her arm for me to still play DOOM 8 days a week
A username is not something "you are", it's something "you know". Biometrics are not nearly the same as usernames.
A username is something you are. It's you! You are 0xD.
A password is something you know. A security key is something you have.
When we interview security analysts you don't get past the first round if you disagree.
If your interview involves telling me a username is "something you are" rather than "something you know", I'm running away from that job as fast as I can.
Other people know your username.
How hard is this?
I guarantee you I know thousands of people's passwords as well, I just don't know the username associated.
By this same logic, other people could know your fingerprint since it's "something you are". No, other people cannot know your fingerprint. It's a complex mathematical equation to a computer. This is such a terrible take.
Source: CASP+ certified.
No, this username is one of the names I've chosen for the accounts I use on lemmy. It does not identify me, it identifies the lemmy accounts that I just so happen to know the password for. I was just about to create an account with your username on another instance but meh, that's too much work. Just imagine me having done that and think about what you just wrote.
I would be vary of the people agreeing with you on something so basic yet so wrong.
An authentication factor is a unique identifier that shows that you possess something that others don't. Biometrics are something you are because your fingerprints, your retinas, or your DNA are (mostly) unique to you. A security key is something you have because unique cryptographic material is saved on the hardware device that cannot be replicated somewhere else (which is why many mobile authenticators really aren't). And a password is something you know because... Bla bla bla.
To be pedantic, a username is not a factor in this sense at all; It is an identifier for an account that you have to prove authorization for by presenting some kind of factor, sometimes multiple.
Exactly, it's fundamentally insecure.
As with all things security, it depends entirely on your thread model and the value of what you’re trying to protect.
Biometrics can be a much more secure option than using a PIN or password, depending in circumstances.
For example: when I’m working on my laptop on the train or in a coffee shop and I need to log into some website I’d rather use my fingerprint to unlock the passkey than type in a password in a public place where I have no idea who is observing me entering my password.
Same goes for paying with your phone, you can either enter your phone PIN in a crowded supermarket or you unlock with FaceID.
Also, for phones, for a lot of people the alternative to biometrics wouldn’t be a PIN, it would be no authentication whatsoever. Biometrics lowers the barrier to having a form of authentication at all.
Full password Android user representing here... It's surprising how few people bother to even stop any amount of snooping on their phones. but I guess it's only surprising in that I wished more from society in general.
Can you explain how?
Biometrics can be spoofed, or the body part stolen in extreme cases.
Also, in the US at least, biometrics aren't protected by the same rights that allow you to not incriminate yourself. IIRC they're considered a thing you have, which you can be compelled to surrender or use to unlock a device, vs something you know (like a password or pattern) which you can withhold if it would be incriminating. Check with a lawyer on this one, I haven't paid attention to the case law here for a bit.
If someone is stealing my body parts, what they access on my devices is the least of my worries!
They don't have to be stolen. Imagine some clever thief drugging your drink, then when you're incapacitated they take your phone and press your finger to it or hold it up to your face to unlock it, then transfer all your money out of Venmo or whatever money transfer app you have on your phone.
The comment I replied to said stolen, which is what I was getting at.
There’s also nothing to stop someone watching over your shoulder to see your PIN for your phone/laptop. Nothing is infallible.
God, the shit people dream up to worry themselves about. Nobody is drugging you to unlock your phone.
Really? Would be up there for me. Sucks to miss a finger or eyeball, but if they've also drained my bank account and my credit card - I'm going to be even more pissed for sure.
Ask OPM how they plan on getting my fingerprints back.
How are biometrics fundamentally insecure?
If it is low detail enough to consistently 'work', it isn't complex enough to be better than something like a chip and pin approach.
They are repeatedly bypassed with easy hacks like silly putty and photographs. People's biometrics are not unchanging. Burned fingers, swollen eyes, and sore throats are things that can change enough to make biosecurity unreliable. That is before cold and heat and how they effect biological things!
That is all before you take into account the fact that some people don't have whatever is being used. Have fun using eye based biosecurity on someone with cataracts or is missing their eyes entirely due to injury or just being born without them fully developed. Or they have a physical issue that makes it hard for them to interact with the bio reader. Stephen Hawking needing to lean towards a mounted eye scanner would be impossible for example.
So either you have mediocre security that allows for a lot of false positives to get through or you end up having to add a bypass system for when it fails, and now you have two ways that security can be defeated! A non-biological solution with two factor authentication of an item and a PIN or other knowledge piece is far more secure than biosecurity can ever be.
So already insecure, but in addition to that anyone with physical access to the person can force them to do the biosecurity. Police are able to force someone to put their finger on their phone, or look at the screen for a face unlock. Maybe they aren't legally able to, but it is a good example of not being secure.
I couldn't have said it better.
Not to mention that a company could easily harvest this information, just look at FTC for example.
Well I could have, but simply chose not to.
Me too!
They aren't 100% reliable and it has its' challenges based on its implementation but I wouldn't consider it fundamentally insecure. It's as secure as a NFC token, TOTP, or a push notification as a form of authentication. It's like birth control, no method is 100% safe and effective, but plain username and password auth is like pulling out, anything is better than that.
Biometrics are perfectly fine! We probably don't even live in the same country, I'm not going to get a hold of your fingerprints.
There seems to be a fundamental misunderstanding of what the biometrics actually do. The biometrics only unlock the device and give access to the security key. Once unlocked it's exactly the same as using a yubikey, and far better than an authenticator app, as they use a crypto key, not a 6 digit number.
Well
Yes
This is the goal, sure, but what does this actually mean on device that's mostly governed by software?
There's a chip (like a yubikey) in the device that can hold cryptographic keys.
That's good because the key cannot (easily) be extracted from the device.
That's good as long as no one has physical access to your device.
With physical access, you hope that the device's unlock mechanism is reasonably secure. That's biometrics OR password/pin.
The 'or' is the problem. For practical reasons you don't want exactly one method hard-wired. You have a fingerprint scanner (good enough), the secure element (good enough) and lots of hard- and software in between (tricky).
I'm not against biometrics (to unlock a device) because it's convinient and much better than not locking the device at all. I'm also not against device trust (which you need if you want to store crypto keys sonewhere without separate hardware), but the convience of a single-device solution (laptop or phone) comes with a risk.
If an attacker can bypass the unlock method or trick you into unlocking or compromise the device, your secrets are at risk. Having the key stored in the secure enclave (and not in a regular file on the hard disk) prevents copying the key material, but it does not prevent using the key when the attacker has some control over the (unlocked) device.
A yubikey is more secure because it's tiny and you can carry it on your keychain. The same chip inside your laptop is more likely to fall into the hands of an attacker.
If someone has physical access to you and your device, they are getting in
https://xkcd.com/538/
Using biometrics to protect your online accounts is far more secure than a password
Not on my Lenovo. Fingerprint reader requires a swipe, no print left behind.
I have a lot of questions about what this guy thinks the rest of your device is covered in. Because spoiler, it's fingerprints.
Mine does not work at all. I'd like to see the guy trying to take fingerprints for a few hours and realizing it won't do shit lol.
Surprise. Or not.
Who is surprised? Are you surprised?
This is the best summary I could come up with:
Microsoft’s Offensive Research and Security Engineering (MORSE) asked Blackwing Intelligence to evaluate the security of fingerprint sensors, and the researchers provided their findings in a presentation at Microsoft’s BlueHat conference in October.
The team identified popular fingerprint sensors from Goodix, Synaptics, and ELAN as targets for their research, with a newly-published blog post detailing the in-depth process of building a USB device that can perform a man-in-the-middle (MitM) attack.
Blackwing Intelligence researchers reverse engineered both software and hardware, and discovered cryptographic implementation flaws in a custom TLS on the Synaptics sensor.
The complicated process to bypass Windows Hello also involved decoding and reimplementing proprietary protocols.
The researchers found that Microsoft’s SDCP protection wasn’t enabled on two of the three devices they targeted.
Blackwing Intelligence now recommends that OEMs make sure SDCP is enabled and ensure the fingerprint sensor implementation is audited by a qualified expert.
The original article contains 474 words, the summary contains 145 words. Saved 69%. I'm a bot and I'm open source!
... Did that say "custom implementation of TLS"?
That's like... The first rule of security. You don't roll your own cryptographic implementation. Like, first you're told that, then they tell you the difference between security and obscurity, say both those things in bold, and continue with whatever beginner topic
im all for the something you have + something you are , pb&j relationship, but i dont think lathering biometrics on top is a good idea,far too many spy movies have shown Tom Cruise doing the MOST for pictures of eyeballs and fingerprints for me to ever trust this type of auth
The main issue with biometrics is that you can't change them. If your fingerprints or retina are compromised you're fucked.
Unless I meet you in person, I'm not going to get your biometrics. The point of these is to protect your accounts from the global Internet.
https://xkcd.com/538/
And yet, as a service member that was part of the 2013 OPM data breech, my finger prints (and an estimated 5.5 million other peoples) were part of the dataset that was stolen.
So... What's your point about "Global Internet"? If my data was stolen, and sent to the "Global Internet"(The fuck does this even mean?)... There's no functional difference to an exposed password.
My point is that I'm not worried about the relatively few people who could steal my fingerprint. I'm worried about the millions of people around the world who will try to steal my passwords and access my online accounts.
If everyone secured their accounts with a biometrically secured security key, they would be far more secure than if they continue to just use a password.
Tgose who go around spreading misinformed FUD over biometrics ensure people who don't know better continue to use weak passwords.
Even if someone gets your fingerprints from the OPM breach still can't use them because they also need your phone. You are still protected from all of the hackers around the world.
This group is much larger than you're assuming.
Bio doesn't stop people from setting bad passwords.
Except you should know better than this... They will simply do BOTH. Set a terrible password because they will be required to make one from the get-go AND use bio. There is no service on the face of the planet that strictly accepts tokens from Bio tools. Simply using Bio doesn't stop those online from bruteforcing the underlying password.
No. I "Spread FUD" because I understand that a good password MUST be revocable. Which Bio CANNOT be. Bio is a username.
No... I'm protected because I use functionally impossible passwords to break that are truly randomly generated and of sufficient length. Further to protect things I use a Yubikey, when supported. Further I use services that monitor breeches and actively change those affected passwords. Bio adds nothing to my protection and in my case (and the case of millions of other people) would actively hinder it.
You have the premise backwards though. It's now, if someone has your device at all... you cannot presume it to be capable of securing anything since your prints are likely on the device itself anyway, oops...
https://support.microsoft.com/en-us/account-billing/how-to-go-passwordless-with-your-microsoft-account-674ce301-3574-4387-a93d-916751764c43
https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/
https://techcrunch.com/2022/09/12/apple-passkey/
Incorrect because your bio is not the password, the private key is. The private key is revocable. Your bio just unlocks your hardware key store and makes the private key accessible to the software.
This is what I mean when I say people do not understand biometric authentication.
Uh huh...
So which 2fa method do we NEVER ask users to use anymore? You know... because lying to a phone carrier and getting a new sim card sent to someone who isn't on the account is the hardest thing in the world to do! Or cloning a sim card.
Which just had some leaks about how insecure it is.
You're going to have to do way better than this...
Regardless all three of these would then rely on your specific device to login, which MUST have a recovery method. Since you know... devices break, get reformatted, etc... What does that process look like? With a password... I simply change the password. Can you guarantee that I can revoke the key and replace it without having to buy new hardware?
They sync shit using iCloud... The private key is not secure. I don't care what your argument is if it's in relation to apple. If you need further argument on this topic... Just look at all the leaked videos from Tesla cars. Big companies DO NOT DESERVE YOUR TRUST.
And you say I don't have an understanding... It doesn't matter how many keys deep you have to go. If the end of the line is an item that has been compromised, it DOESN'T MATTER how many steps you take after that. The compromised item is already obtained when you obtained the device.
Now... Can you tell me the process to revoke the private key from your fingerprint reader on your phone? You claim it's revocable. Revoke it. Show me. I'll wait. Can you prove that the blob in your phone is doing that? These chips are written once at the manufacturer with no oversight or validation. I'm not an idiot. I know your literal fingerprint isn't sent up to the cloud. It's used to tell a local chip to authenticate a public key against the private one contained within that typically never leaves the chip (except that the passkey standard actually allows key mobility, so it's actually worse than the FIDO standard that it's built upon). It's a blob that you have no insight into and no control over.
If I were to bump into you, and lift your phone. I'd likely have your fingerprint just by lifting it off your phone and can sign into your phone. That's it... It's like you didn't have a password at all because I simply HAVE it. I've found that theft is actually much greater risk in my life than my digital footprint. But that's only because I can actually mitigate the digital stuff by not being retarded and putting everything into the internet. Theft on the other hand... Can't do much about someone who willingly knocks me the fuck out (gasp! the XKCD comic strikes again!). But I can make sure that if they knock me the fuck out, they don't just get to take my shit and unlock it without my brain remaining functional.
None of that even matters. This is a chain of trust that I can't actually audit... So it's worthless. This requires that I trust Google (android), Samsung(or other device manufacturer), their vendors(whoever makes the fingerprint reader), etc... You know who I have to to trust for my password? My password manager and myself. The fun part is that my password manager is actually audited... and opensource, AND I've looked at it enough to be happy with it. Who audited Windows Hello? https://www.theverge.com/2023/11/22/23972220/microsoft-windows-hello-fingerprint-authentication-bypass-security-vulnerability Ooops.
It's funny, because you know what this does to authentication? It puts all the power into another companies hands... and takes ALL of it out of yours. Which is interesting that someone on Lemmy is gung-ho about this.
Let's look at a real world example of something you might ACTUALLY have to do. You're crossing the border into a country. You have data you really don't want the government snooping into like hot nudes from your significant other. So you wipe your device before you cross the border to ensure the government can't violate your rights. Oops, you no longer can access ANY account you own because you relied on that device to be what unlocks everything.
Also, whats more likely... that you break a device or that a user CANNOT learn how to use a password manager?
Edit: For shits and giggles I logged into my Google account to see what the passkey setup even looks like for them... Turns out that it's automatically created keys for devices I've logged into... Including devices I don't own anymore.
Really secure that is! Nothing screams security like creating methods to access my account without my fucking knowledge. What a joke.
Windows Hello didn't. The hardware wasn't implemented correctly allowing the authentication to be bypassed. You misunderstood the issue here
They sync the public key with iCloud, not the private key. You misunderstood how it works.
There is no "keys deep" there is a public/private key pair that authenticates a single device with a single account. You have misunderstood how a local key store works.
Which means someone trying to access my account requires physical access to my device. Passwords, no matter how strong leave you open to remote attack.
Open the authencator app and remove the account. Or uninstall the authenticator app. Or delete your local phone account. Or factory reset if you want to go nuclear.
Alternatively if you lost your phone, go to the account online. Browse to the security section and delete the device from the list. Most services have the ability to sign out remotely. All that's doing is revoking the key. The phone doesn't have to do anything. The fact you think something needs change in the "blob" shows you do not understand how encryption works.
Again physical access, not remote access. Much smaller attack vector than a password.
You think passwords take power from the company that stores your passwords remotely? You have no idea how they are storing that password. You don't have to trust the company, you just have to trust the open standard these companies are implementing and that public/private key encryption is the standard used to secure the entire Internet.
Virtually no one uses a password manager. It's too much hassle.
Except I didn't. I outlined a real fucking issue and you're waiving it away without addressing how it's wrong. You realize that Microsoft's own branded laptops have this issue right? If Microsoft cannot create a product that isn't compromised to their own standard then don't you think there's a problem with it?
Here's the relevant quote if you would have read the article instead of yapping about how "I" don't know anything and misunderstand everything.
If Microsoft can't implement their own security standard of Windows Hello. You CANNOT trust it to do anything reasonable let alone be secure. Period.
You cannot validate a public key without a private key to sign for it, public keys are definitionally public and cannot be used to secure anything. This is like saying that the key in you see in an SSL cert is the only thing you need to prove you're the server... Not even close. You MUST have the private key for the sync to do anything useful. I've misunderstood nothing. The alternative here is that one device simply signs or validates another device being added so now there's 2 sets of keys to an account... The more passcodes/passwords that can access an account the more likely someone can bruteforce in. Either way this becomes more and more of a risk.
I've not, because I've explained literally in the same post how it actually works. You're being obtuse.
This assumes you trust the chip.... which implies trust in the manufacturer, parts vendors, and software lying on top of it.
You can't... you've lost your phone to authenticate you into the account. Actually... better yet, login to your google account now... Head over to "your devices", looking at mine, I see 2 devices in there that it REFUSES to let me remove.
Yes... a Session key... Not public/private key. You can simply use the same public/private keys to instantiate a new session! And since you've lost your phone and can't authenticate yourself anymore... The person who found your phone certainly can.
So you've chosen to limit one vector of attack at the risk of completely opening another one... Genius! Especially in this day and age where first party repair shops regularly get found out for stealing customer data...
Companies store password hashes... not the passwords remote... and you want to tell me I don't understand cryptography. Since passwords are transparent and known to me... I can take actions based on that. I can prove that keys aren't being shared across different platforms, etc... I can see exactly what's being passed because I'm the one passing it. And remember... these companies fuck up regularly.
So there's no password manager built into browsers... and companies that don't make millions providing that exact service? Lastpass, Bitwarden, dashlane, etc?
I'll stick to passwords that I can track and operate(which are likely to be more secure than whatever data they're passing as a key). I'll stick to actually functional 2fa tokens via TOTP, and yubikey (which doesn't have sole access to do anything on it's own, unlike a phone). I will not give up my passwords. Trading off 100% of your physical security for what is arguably at worst sidegrade in digital security seems insane to me.
I realize I made an edit to my previous post you might not have seen. Please refer to that as well. But finally I noticed you've completely skipped answering any of the actual scenarios I've posted. Almost like you realize that there's a huge flaw here...
Lastly... I actually taught, researched, and created cryptography at an academic level for a while. I have a feeling I have a deeper knowledge of cryptography than most people do. If you still want to tell me I "misunderstand" everything I would suggest you actually go through my post and actually address the problems I've brought up, then realize that yes... "passkeys" can minimize risk for those who do passwords lazily... but well done passwords and 2fa, are significantly better than passkeys alone. Forcing people into passkeys forces people to only operate under a specific platform that must be trusted to work further eliminates other valuable security features in the process as well. As someone who's security conscious... as you present yourself to be... you should not be de-facto trusting these organizations at all... but for some reason you are. And that's odd.
It doesn't need to be physical breach. If it's stored somewhere it can (and might) be accessed by someone else and reconstructed.
And still useless unless they also steal your phone. You are still safe from the hackers on the other side of the planet
The Surface Pro X has a fingerprint reader? Is it on the keyboard or something? Mine sure doesn't have one.