rotten news relay - comp.mobile.android - Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA

Subject: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
From: Isaac Montara
Newsgroups: comp.mobile.android, misc.phone.mobile.iphone, alt.comp.os.windows-10
Organization: A noiseless patient Spider
Date: Wed, 10 Jul 2024 16:09 UTC

Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: IsaacMontara@nospam.com (Isaac Montara)
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
Subject: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
Date: Wed, 10 Jul 2024 12:09:04 -0400
Organization: A noiseless patient Spider
Lines: 23
Message-ID: <v6mbn0$1vofp$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 10 Jul 2024 18:09:05 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="1acfa6e8a9dd84f2dbbaa2f2f8571948";
logging-data="2089465"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+kx2PQvF8QfK7pIvl2rcVM"
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:102.0) Gecko/20100101 Thunderbird/102.10.0
Cancel-Lock: sha1:iWHcRKcTjhhq56+25ouFortAWA4=
Content-Language: en-US

View all headers

Gmail Users Offered Free Top Tier Security Upgrade - Say Goodbye To 2FA
https://www.forbes.com/sites/daveywinder/2024/07/10/gmail-users-offered-free-top-tier-security-upgrade-say-goodbye-to-2fa/

Google said that users enrolling in Google's Advanced Protection Program
(APP) can use passkeys instead of hardware security keys and use them as an
all-in-one login method without the need for separate 2FA credentials.
https://landing.google.com/advancedprotection/

Passkeys are used without the need for a password by default, although they
can be used as a second factor in combination with one if desired.
https://blog.google/technology/safety-security/google-passkeys-update-april-2024/

Unlike passwords, with passkeys there is nothing to remember or type into
your computer or mobile devices as the device does the authentication.
https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html

Although the passkey can used to replace both the password credentials and
2FA parts of login, Google still requires you to choose a recovery method
should you need to regain access to your account. This can be any way of a
telephone number, email, address separate passkey or hardware keys. A
combination of these will be used in the process of regaining access to an
account, which is necessarily tougher when part of the APP.
https://support.google.com/accounts/answer/13548313?hl=en

Subject: Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
From: Andy Burns
Newsgroups: comp.mobile.android, misc.phone.mobile.iphone, alt.comp.os.windows-10
Date: Wed, 10 Jul 2024 16:17 UTC
References: 1

Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: usenet@andyburns.uk (Andy Burns)
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
Subject: Re: Gmail now accepts passkeys instead of login-password &/or
2FA/2SV/MFA
Date: Wed, 10 Jul 2024 17:17:28 +0100
Lines: 8
Message-ID: <lf7qgtF1gmtU1@mid.individual.net>
References: <v6mbn0$1vofp$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net f21FTPlC6Nyf9dNzHF+TmQSF8j45iaWru7B8hv0wPoAkivdpI1
Cancel-Lock: sha1:bh8thr1s6LPTHNKKIgg/9dBKF9M= sha256:fsL8vCBn1rwW9BwW9TP82XBEFU1U7waUA6CfVc/K+EY=
User-Agent: Mozilla Thunderbird
Content-Language: en-GB
In-Reply-To: <v6mbn0$1vofp$1@dont-email.me>

View all headers

Isaac Montara wrote:

> Gmail Users Offered Free Top Tier Security Upgrade

Does anyone here think they're "important enough" to qualify, does
google accept anyone who requests it, or do they filter-out "unimportant
people"?

Subject: Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
From: Jörg Lorenz
Newsgroups: comp.mobile.android, misc.phone.mobile.iphone, alt.comp.os.windows-10
Organization: Camembert Normand au Lait Cru
Date: Wed, 10 Jul 2024 16:23 UTC
References: 1 2

Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: hugybear@gmx.net (Jörg Lorenz)
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
Subject: Re: Gmail now accepts passkeys instead of login-password &/or
2FA/2SV/MFA
Date: Wed, 10 Jul 2024 18:23:33 +0200
Organization: Camembert Normand au Lait Cru
Message-ID: <v6mci5$e3m6$1@solani.org>
References: <v6mbn0$1vofp$1@dont-email.me> <lf7qgtF1gmtU1@mid.individual.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Injection-Date: Wed, 10 Jul 2024 16:23:33 -0000 (UTC)
Injection-Info: solani.org;
logging-data="462534"; mail-complaints-to="abuse@news.solani.org"
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101
Betterbird/115.13.0
Cancel-Lock: sha1:hiAjVCiN3U6zPgTmoy5Wjfoau9o=
X-User-ID: eJwFwYEBgDAIA7CXhNEi5wyk/59ggkPjZBAMCPJ8+0n1LRtP4kMhyfK1stW0tmA8odib9B8Q4hC+
Content-Language: de-CH, en-GB
In-Reply-To: <lf7qgtF1gmtU1@mid.individual.net>

View all headers

On 10.07.24 18:17, Andy Burns wrote:
> Isaac Montara wrote:
>
>> Gmail Users Offered Free Top Tier Security Upgrade
>
> Does anyone here think they're "important enough" to qualify, does
> google accept anyone who requests it, or do they filter-out "unimportant
> people"?

You are answering to Arlen.

--
"De gustibus non est disputandum."

Subject: Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
From: Java Jive
Newsgroups: comp.mobile.android, misc.phone.mobile.iphone, alt.comp.os.windows-10
Organization: A noiseless patient Spider
Date: Wed, 10 Jul 2024 16:27 UTC
References: 1

Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: java@evij.com.invalid (Java Jive)
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
Subject: Re: Gmail now accepts passkeys instead of login-password &/or
2FA/2SV/MFA
Date: Wed, 10 Jul 2024 17:27:16 +0100
Organization: A noiseless patient Spider
Lines: 15
Message-ID: <v6mcp5$1vsnk$2@dont-email.me>
References: <v6mbn0$1vofp$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Wed, 10 Jul 2024 18:27:18 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="ce50c4d79f3dcb98368c7eb619e85b78";
logging-data="2093812"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+QNEgpg9TMd3hfQiPGCFSbrOoQEZWsXWw="
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101
Thunderbird/68.4.2
Cancel-Lock: sha1:lFk9r7DqDZRgs2IkPLVAo+JlBXs=
Content-Language: en-GB
In-Reply-To: <v6mbn0$1vofp$1@dont-email.me>

View all headers

On 10/07/2024 17:09, Isaac Montara wrote:
>
> Unlike passwords, with passkeys there is nothing to remember or type into
> your computer or mobile devices as the device does the authentication.
> https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html

So, if your device is stolen, potentially a thief could gain access to
you Google account without having to find the password. Er, no thanks.

Fake news kills!

I may be contacted via the contact address given on my website:
www.macfh.co.uk

Subject: Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
From: Nick Cine
Newsgroups: comp.mobile.android, misc.phone.mobile.iphone, alt.comp.os.windows-10
Date: Wed, 10 Jul 2024 18:21 UTC
References: 1 2 3

Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: nickcine@is.invalid (Nick Cine)
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
Subject: Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
Date: Wed, 10 Jul 2024 12:21:36 -0600
Message-ID: <v6mjfg$e8na$1@solani.org>
References: <v6mbn0$1vofp$1@dont-email.me> <lf7qgtF1gmtU1@mid.individual.net> <v6mci5$e3m6$1@solani.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=fixed
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 10 Jul 2024 18:21:36 -0000 (UTC)
Injection-Info: solani.org;
logging-data="467690"; mail-complaints-to="abuse@news.solani.org"
User-Agent: Usenapp/0.93/l for MacOS - Full License
Cancel-Lock: sha1:h9g72IOlk+iYzcwoXNg0MdL9eY8=
X-User-ID: eJwFwQkBwDAIA0BLQEnI5NAH/xJ2h0XnqSSYGAxlwXHS1BWhqML3xHcBbzdtV+fCVvjBuz/x0g/p

View all headers

On Wed, 10 Jul 2024 18:23:33 +0200, J�rg Lorenz wrote:

> On 10.07.24 18:17, Andy Burns wrote:
>> Isaac Montara wrote:
>>
>>> Gmail Users Offered Free Top Tier Security Upgrade
>>
>> Does anyone here think they're "important enough" to qualify, does
>> google accept anyone who requests it, or do they filter-out "unimportant
>> people"?
>
> You are answering to Arlen.

Shut up Arlen. Say something useful for once, you fucking moron.

Subject: Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
From: Harry S Robins
Newsgroups: comp.mobile.android, misc.phone.mobile.iphone, alt.comp.os.windows-10
Organization: NUO - News.Usenet.Ovh
Date: Wed, 10 Jul 2024 18:23 UTC
References: 1 2

Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!usenet.ovh!news.usenet.ovh!.POSTED!not-for-mail
From: stanleyrobins@nothere.uk (Harry S Robins)
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
Subject: Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
Date: Wed, 10 Jul 2024 13:23:13 -0500
Organization: NUO - News.Usenet.Ovh
Message-ID: <v6mjih$m0le$1@news.usenet.ovh>
References: <v6mbn0$1vofp$1@dont-email.me> <lf7qgtF1gmtU1@mid.individual.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Wed, 10 Jul 2024 18:23:14 -0000 (UTC)
Injection-Info: news.usenet.ovh; posting-account="stanley";
logging-data="721582"; mail-complaints-to="abuse@usenet.ovh"
User-Agent: NewsTap/5.5 (iPhone/iPod Touch)
Cancel-Lock: sha256:ti4tdDLJmjp8Ca8rg/gK1cYLCgMmZyMzZgjW52x2958=

View all headers

On Wed, 10 Jul 2024 17:17:28 +0100, Andy Burns wrote:

>> Gmail Users Offered Free Top Tier Security Upgrade
>
> Does anyone here think they're "important enough" to qualify, does
> google accept anyone who requests it, or do they filter-out "unimportant
> people"?

Didn't the cites say Google said it's open to everyone for free now?

Subject: Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
From: Big Al
Newsgroups: comp.mobile.android, misc.phone.mobile.iphone, alt.comp.os.windows-10
Organization: A noiseless patient Spider
Date: Wed, 10 Jul 2024 18:53 UTC
References: 1 2

Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: alan@invalid.com (Big Al)
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
Subject: Re: Gmail now accepts passkeys instead of login-password &/or
2FA/2SV/MFA
Date: Wed, 10 Jul 2024 14:53:42 -0400
Organization: A noiseless patient Spider
Lines: 15
Message-ID: <v6mlbm$21auu$1@dont-email.me>
References: <v6mbn0$1vofp$1@dont-email.me> <v6mcp5$1vsnk$2@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Wed, 10 Jul 2024 20:53:43 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="c455c537c7e8238b35e3d9cecccee038";
logging-data="2141150"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19AejEuFUSMwV4YHuodu95JG9ZntZaEkcs="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:NmLVuOwQJKyjhGhLj+KquNoh/T4=
In-Reply-To: <v6mcp5$1vsnk$2@dont-email.me>
Content-Language: en-US

View all headers

On 7/10/24 12:27 PM, Java Jive wrote:
> On 10/07/2024 17:09, Isaac Montara wrote:
>>
>> Unlike passwords, with passkeys there is nothing to remember or type into
>> your computer or mobile devices as the device does the authentication.
>> https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html
>
> So, if your device is stolen, potentially a thief could gain access to you Google account without
> having to find the password. Er, no thanks.
>
If he steals your phone, he has the 2FA to get in.
--
Linux Mint 21.3, Cinnamon 6.0.4, Kernel 5.15.0-113-generic
Al

Subject: Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
From: Richmond
Newsgroups: comp.mobile.android, misc.phone.mobile.iphone, alt.comp.os.windows-10
Organization: Frantic
Date: Wed, 10 Jul 2024 21:56 UTC
References: 1 2

Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: dnomhcir@gmx.com (Richmond)
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
Subject: Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
Date: Wed, 10 Jul 2024 22:56:05 +0100
Organization: Frantic
Message-ID: <86wmls6he2.fsf@example.com>
References: <v6mbn0$1vofp$1@dont-email.me> <v6mcp5$1vsnk$2@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain
Injection-Info: solani.org;
logging-data="457089"; mail-complaints-to="abuse@news.solani.org"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
Cancel-Lock: sha1:x9yXIvKxnVWDIlVrdZ5at7iki3s= sha1:hqvtEqh/1AJVdcaqRdDx06dT+tw=
X-User-ID: eJwNyMkBwCAMA7CVyOGkjENTe/8RqJ5ClNV0FiohaOhRsvVsnoUgIZFmW+tPud6y9D4dBn3jFyH6ESs=

View all headers

Java Jive <java@evij.com.invalid> writes:

> On 10/07/2024 17:09, Isaac Montara wrote:
>>
>> Unlike passwords, with passkeys there is nothing to remember or type into
>> your computer or mobile devices as the device does the authentication.
>> https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html
>
> So, if your device is stolen, potentially a thief could gain access to
> you Google account without having to find the password. Er, no
> thanks.

Isn't the password on your phone? or do you type it in each time.

Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: alan@invalid.com (Big Al)
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
Subject: Re: Gmail now accepts passkeys instead of login-password &/or
2FA/2SV/MFA
Date: Wed, 10 Jul 2024 18:18:20 -0400
Organization: A noiseless patient Spider
Lines: 21
Message-ID: <v6n1bc$22i4u$1@dont-email.me>
References: <v6mbn0$1vofp$1@dont-email.me> <v6mcp5$1vsnk$2@dont-email.me>
<86wmls6he2.fsf@example.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Thu, 11 Jul 2024 00:18:21 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="b06db9e1f571441829fd8c570dfefa7b";
logging-data="2181278"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX197mjFun+0dat57YfDMrlevdizW6+gLdHE="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:iB0TxwM2P7t8igzVQgA0mlo1GJ0=
In-Reply-To: <86wmls6he2.fsf@example.com>
Content-Language: en-US

View all headers

On 7/10/24 05:56 PM, Richmond wrote:
> Java Jive <java@evij.com.invalid> writes:
>
>> On 10/07/2024 17:09, Isaac Montara wrote:
>>>
>>> Unlike passwords, with passkeys there is nothing to remember or type into
>>> your computer or mobile devices as the device does the authentication.
>>> https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html
>>
>> So, if your device is stolen, potentially a thief could gain access to
>> you Google account without having to find the password. Er, no
>> thanks.
>
> Isn't the password on your phone? or do you type it in each time.
I read two of those articles. They talk about it, but don't go into a lot of detail as to 'what'
and 'how' and 'where' these passkeys are. It sounds like a bunch of double talk to me.

--
Linux Mint 21.3, Cinnamon 6.0.4, Kernel 5.15.0-113-generic
Al

Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: java@evij.com.invalid (Java Jive)
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
Subject: Re: Gmail now accepts passkeys instead of login-password &/or
2FA/2SV/MFA
Date: Wed, 10 Jul 2024 23:52:40 +0100
Organization: A noiseless patient Spider
Lines: 25
Message-ID: <v6n3bq$23nq4$1@dont-email.me>
References: <v6mbn0$1vofp$1@dont-email.me> <v6mcp5$1vsnk$2@dont-email.me>
<86wmls6he2.fsf@example.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Thu, 11 Jul 2024 00:52:42 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="ee985a2e08b84c027bd563b51994aa6f";
logging-data="2219844"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/g91spoqdI1z0bY0iUO2KHYTYwM9f694g="
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:68.0) Gecko/20100101
Thunderbird/68.4.2
Cancel-Lock: sha1:jXBI1FHrA+9JYh1EC6i1/8TnkXY=
Content-Language: en-GB
In-Reply-To: <86wmls6he2.fsf@example.com>

View all headers

On 10/07/2024 22:56, Richmond wrote:
> Java Jive <java@evij.com.invalid> writes:
>
>> On 10/07/2024 17:09, Isaac Montara wrote:
>>>
>>> Unlike passwords, with passkeys there is nothing to remember or type into
>>> your computer or mobile devices as the device does the authentication.
>>> https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html
>>
>> So, if your device is stolen, potentially a thief could gain access to
>> you Google account without having to find the password. Er, no
>> thanks.
>
> Isn't the password on your phone? or do you type it in each time.

No, I rarely use my phone for anything that requires a password, and
when rarely I do, I type it in. Usually, I do such things on the PC,
and there any passwords are securely locked away behind other passwords.

Fake news kills!

I may be contacted via the contact address given on my website:
www.macfh.co.uk

Subject: Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
From: Alan Browne
Newsgroups: comp.mobile.android, misc.phone.mobile.iphone, alt.comp.os.windows-10
Organization: UsenetServer - www.usenetserver.com
Date: Wed, 10 Jul 2024 23:06 UTC
References: 1

Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!border-3.nntp.ord.giganews.com!border-2.nntp.ord.giganews.com!nntp.giganews.com!npeer.as286.net!npeer-ng0.as286.net!peer01.ams1!peer.ams1.xlned.com!news.xlned.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx38.iad.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Gmail now accepts passkeys instead of login-password &/or
2FA/2SV/MFA
Content-Language: en-US
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
References: <v6mbn0$1vofp$1@dont-email.me>
From: bitbucket@blackhole.com (Alan Browne)
In-Reply-To: <v6mbn0$1vofp$1@dont-email.me>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 20
Message-ID: <EtEjO.1470$mfG1.1057@fx38.iad>
X-Complaints-To: abuse@usenetserver.com
NNTP-Posting-Date: Wed, 10 Jul 2024 23:06:12 UTC
Organization: UsenetServer - www.usenetserver.com
Date: Wed, 10 Jul 2024 19:06:12 -0400
X-Received-Bytes: 1640
X-Original-Bytes: 1501

View all headers

On 2024-07-10 12:09, Isaac Montara wrote:
> Gmail Users Offered Free Top Tier Security Upgrade - Say Goodbye To 2FA
> https://www.forbes.com/sites/daveywinder/2024/07/10/gmail-users-offered-free-top-tier-security-upgrade-say-goodbye-to-2fa/
>
> Google said that users enrolling in Google's Advanced Protection Program

I've been using Passkeys to access Google for nearly a year.

Passkeys will be common for everyone, everywhere in time. I have them
setup for several accounts including Google, Apple and Amazon. Several
others.

Very well integrated into Apple's Password/Keychain system (Mac, iPhone,
iPad...)

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!weretis.net!feeder8.news.weretis.net!feeder1-2.proxad.net!proxad.net!feeder1-1.proxad.net!193.141.40.65.MISMATCH!npeer.as286.net!npeer-ng0.as286.net!peer01.ams1!peer.ams1.xlned.com!news.xlned.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx38.iad.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Gmail now accepts passkeys instead of login-password &/or
2FA/2SV/MFA
Content-Language: en-US
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
References: <v6mbn0$1vofp$1@dont-email.me> <v6mcp5$1vsnk$2@dont-email.me>
From: bitbucket@blackhole.com (Alan Browne)
In-Reply-To: <v6mcp5$1vsnk$2@dont-email.me>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Lines: 19
Message-ID: <1vEjO.1471$mfG1.950@fx38.iad>
X-Complaints-To: abuse@usenetserver.com
NNTP-Posting-Date: Wed, 10 Jul 2024 23:07:41 UTC
Organization: UsenetServer - www.usenetserver.com
Date: Wed, 10 Jul 2024 19:07:41 -0400
X-Received-Bytes: 1625

View all headers

On 2024-07-10 12:27, Java Jive wrote:
> On 10/07/2024 17:09, Isaac Montara wrote:
>>
>> Unlike passwords, with passkeys there is nothing to remember or type into
>> your computer or mobile devices as the device does the authentication.
>> https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html
>
> So, if your device is stolen, potentially a thief could gain access to
> you Google account without having to find the password. Er, no thanks.

1) Fingerprint or Face recognition,
2) in the meantime you've locked down the device.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!border-4.nntp.ord.giganews.com!nntp.giganews.com!news-out.netnews.com!netnews.com!s1-4.netnews.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx38.iad.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Gmail now accepts passkeys instead of login-password &/or
2FA/2SV/MFA
Content-Language: en-US
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
References: <v6mbn0$1vofp$1@dont-email.me> <v6mcp5$1vsnk$2@dont-email.me>
<86wmls6he2.fsf@example.com>
From: bitbucket@blackhole.com (Alan Browne)
In-Reply-To: <86wmls6he2.fsf@example.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 27
Message-ID: <CxEjO.1472$mfG1.1321@fx38.iad>
X-Complaints-To: abuse@usenetserver.com
NNTP-Posting-Date: Wed, 10 Jul 2024 23:10:26 UTC
Organization: UsenetServer - www.usenetserver.com
Date: Wed, 10 Jul 2024 19:10:25 -0400
X-Received-Bytes: 1913
X-Original-Bytes: 1862

View all headers

On 2024-07-10 17:56, Richmond wrote:
> Java Jive <java@evij.com.invalid> writes:
>
>> On 10/07/2024 17:09, Isaac Montara wrote:
>>>
>>> Unlike passwords, with passkeys there is nothing to remember or type into
>>> your computer or mobile devices as the device does the authentication.
>>> https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html
>>
>> So, if your device is stolen, potentially a thief could gain access to
>> you Google account without having to find the password. Er, no
>> thanks.
>
> Isn't the password on your phone? or do you type it in each time.

With Passkeys, regardless of how you "access" the phone, logging onto
sites (or validating transactions) is with a bio feature (Face or
Fingerprint for example).

This is very unlikely to succeed, and in the meantime when you realize
your phone is missing or stolen you use other means to lock it.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

Subject: Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
From: Jan K.
Newsgroups: comp.mobile.android, misc.phone.mobile.iphone, alt.comp.os.windows-10
Organization: news.chmurka.net
Date: Thu, 11 Jul 2024 01:24 UTC
References: 1 2 3 4

Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!news.chmurka.net!.POSTED.public-nat-08.vpngate.v4.open.ad.jp!not-for-mail
From: janicekoziol@nie.ma.spamu.prosze.com (Jan K.)
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
Subject: Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
Date: Thu, 11 Jul 2024 03:24:35 +0200
Organization: news.chmurka.net
Message-ID: <v6nc8i$ss3$1@news.chmurka.net>
References: <v6mbn0$1vofp$1@dont-email.me> <v6mcp5$1vsnk$2@dont-email.me> <86wmls6he2.fsf@example.com> <v6n1bc$22i4u$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Thu, 11 Jul 2024 01:24:35 -0000 (UTC)
Injection-Info: news.chmurka.net; posting-account="koziolja"; posting-host="public-nat-08.vpngate.v4.open.ad.jp:219.100.37.240";
logging-data="29571"; mail-complaints-to="abuse-news.(at).chmurka.net"
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Thunderbird/45.7.1
Cancel-Lock: sha1:HRcdu6Vl3djKjeX4+gIa8Wc/F9g= sha256:Vq1e6r3Lp3530FbGhuVZLK1zHhyRhSgGjOQ+Z6HcFNA=
sha1:5mJp/x0rkO1JjP+iTj3SPM70yJ0= sha256:WNsi9Yhtk5y1s2VrHzPCUA+xIsMx7tI89bzACdfHWeE=

View all headers

W Wed, 10 Jul 2024 18:18:20 -0400, Big Al napisal:

>> Isn't the password on your phone? or do you type it in each time.
> I read two of those articles. They talk about it, but don't go into a lot of detail as to 'what'
> and 'how' and 'where' these passkeys are. It sounds like a bunch of double talk to me.

I also was confused where the "passkeys" come from if they're on the phone.

I had assumed they come from an authenticator app that is on the phone.
https://www.google.com/search?q=android+open+source+authenticator+apk

Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: hugybear@gmx.net (Jörg Lorenz)
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
Subject: Re: Gmail now accepts passkeys instead of login-password &/or
2FA/2SV/MFA
Date: Thu, 11 Jul 2024 07:12:05 +0200
Organization: Camembert Normand au Lait Cru
Lines: 16
Message-ID: <v6npj5$2al30$1@dont-email.me>
References: <v6mbn0$1vofp$1@dont-email.me> <v6mcp5$1vsnk$2@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Thu, 11 Jul 2024 07:12:05 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="b8e83a127c27eab39643117d6e4c5922";
logging-data="2446432"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19x/TjIhTWXQySNpEacgv1X3tVe5RdyJeQ="
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:115.0)
Gecko/20100101 Thunderbird/115.12.2
Cancel-Lock: sha1:kiXY9t0knjeOUJj18Do8+Uo6xJ4=
In-Reply-To: <v6mcp5$1vsnk$2@dont-email.me>
Content-Language: de-CH

View all headers

Am 10.07.24 um 18:27 schrieb Java Jive:
> On 10/07/2024 17:09, Isaac Montara wrote:
>>
>> Unlike passwords, with passkeys there is nothing to remember or type into
>> your computer or mobile devices as the device does the authentication.
>> https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html
>
> So, if your device is stolen, potentially a thief could gain access to
> you Google account without having to find the password. Er, no thanks.

Passkeys are the next step to total dependency on tech companies. I wait
for the moment users have to pay to access to their own data.

--
"Gutta cavat lapidem." (Ovid)

Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: hugybear@gmx.net (Jörg Lorenz)
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
Subject: Re: Gmail now accepts passkeys instead of login-password &/or
2FA/2SV/MFA
Date: Thu, 11 Jul 2024 07:13:00 +0200
Organization: Camembert Normand au Lait Cru
Lines: 23
Message-ID: <v6npks$2al30$2@dont-email.me>
References: <v6mbn0$1vofp$1@dont-email.me> <v6mcp5$1vsnk$2@dont-email.me>
<86wmls6he2.fsf@example.com> <v6n1bc$22i4u$1@dont-email.me>
<v6nc8i$ss3$1@news.chmurka.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Thu, 11 Jul 2024 07:13:00 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="b8e83a127c27eab39643117d6e4c5922";
logging-data="2446432"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/duuHgFDXfL1Kg3Ovcr7/nligNIUbkaz0="
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:115.0)
Gecko/20100101 Thunderbird/115.12.2
Cancel-Lock: sha1:opGI19RM8vpde6QTy9iffuEuME8=
Content-Language: de-CH
In-Reply-To: <v6nc8i$ss3$1@news.chmurka.net>

View all headers

Arlen, you are an idiot.

--
"Gutta cavat lapidem." (Ovid)

Subject: Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
From: Chris in Makati
Newsgroups: comp.mobile.android, misc.phone.mobile.iphone, alt.comp.os.windows-10
Date: Thu, 11 Jul 2024 11:34 UTC
References: 1 2

Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!news.mixmin.net!news2.arglkargh.de!news.karotte.org!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: mail@nospam.com (Chris in Makati)
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
Subject: Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
Date: Thu, 11 Jul 2024 12:34:30 +0100
Lines: 15
Message-ID: <nhgv8jlc8b7qksj4gdeiccpb98u32182e3@4ax.com>
References: <v6mbn0$1vofp$1@dont-email.me> <v6mcp5$1vsnk$2@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Trace: individual.net ZoBIPdRSOxvnChuWoHqz7wzcjGfe11Hj2KcvwWD84hE36YF5AR
Cancel-Lock: sha1:SgNpeWkaE+qZoqpc1PknKsGebE8= sha256:exHT/N8+81J/jhJ9hMxMNij1C2f/PVrlUv2Wuni4PQ4=
User-Agent: ForteAgent/7.20.32.1218

View all headers

On Wed, 10 Jul 2024 17:27:16 +0100, Java Jive <java@evij.com.invalid>
wrote:

>On 10/07/2024 17:09, Isaac Montara wrote:
>>
>> Unlike passwords, with passkeys there is nothing to remember or type into
>> your computer or mobile devices as the device does the authentication.
>> https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html
>
>So, if your device is stolen, potentially a thief could gain access to
>you Google account without having to find the password. Er, no thanks.

Only if the thief had access to your fingerprints or face
identification.

Subject: Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
From: badgolferman
Newsgroups: misc.phone.mobile.iphone, comp.mobile.android, alt.comp.os.windows-10
Date: Thu, 11 Jul 2024 13:49 UTC
References: 1 2 3 4

Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: REMOVETHISbadgolferman@gmail.com (badgolferman)
Newsgroups: misc.phone.mobile.iphone,comp.mobile.android,alt.comp.os.windows-10
Subject: Re: Gmail now accepts passkeys instead of login-password
&/or 2FA/2SV/MFA
Date: Thu, 11 Jul 2024 13:49:10 -0000 (UTC)
Message-ID: <v6onsm$f9qa$1@solani.org>
References: <v6mbn0$1vofp$1@dont-email.me>
<v6mcp5$1vsnk$2@dont-email.me>
<86wmls6he2.fsf@example.com>
<CxEjO.1472$mfG1.1321@fx38.iad>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 11 Jul 2024 13:49:10 -0000 (UTC)
Injection-Info: solani.org;
logging-data="501578"; mail-complaints-to="abuse@news.solani.org"
User-Agent: NewsTap/5.5 (iPhone/iPod Touch)
Cancel-Lock: sha1:w/74ipjXN8+C1OdOLOS4vG5LGt4= sha1:hUd1+ACy3fLsPr/1mfhdMVpfMBs=
X-User-ID: eJwFwQkBwDAIA0BLPAE6OYMG/xJ6F56aU8hIxMZiBxxvsH9LfFdQiiHHdtfuUUoIoc6ehPjUCdykeVS7PHF6FbM=

View all headers

Alan Browne <bitbucket@blackhole.com> wrote:
> On 2024-07-10 17:56, Richmond wrote:
>> Java Jive <java@evij.com.invalid> writes:
>>
>>> On 10/07/2024 17:09, Isaac Montara wrote:
>>>>
>>>> Unlike passwords, with passkeys there is nothing to remember or type into
>>>> your computer or mobile devices as the device does the authentication.
>>>> https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html
>>>
>>> So, if your device is stolen, potentially a thief could gain access to
>>> you Google account without having to find the password. Er, no
>>> thanks.
>>
>> Isn't the password on your phone? or do you type it in each time.
>
> With Passkeys, regardless of how you "access" the phone, logging onto
> sites (or validating transactions) is with a bio feature (Face or
> Fingerprint for example).
>
> This is very unlikely to succeed, and in the meantime when you realize
> your phone is missing or stolen you use other means to lock it.
>

How does authentication work on a PC without biometrics?

Subject: Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
From: AJL
Newsgroups: comp.mobile.android
Organization: A noiseless patient Spider
Date: Thu, 11 Jul 2024 14:30 UTC
References: 1 2 3

Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: noemail@none.com (AJL)
Newsgroups: comp.mobile.android
Subject: Re: Gmail now accepts passkeys instead of login-password &/or
2FA/2SV/MFA
Date: Thu, 11 Jul 2024 14:30:18 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 16
Message-ID: <v6oq9p$2ggge$1@dont-email.me>
References: <v6mbn0$1vofp$1@dont-email.me> <v6mcp5$1vsnk$2@dont-email.me>
<v6npj5$2al30$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 11 Jul 2024 16:30:18 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="78fb0cd9826264e63bf5f076e2a47321";
logging-data="2638350"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+040Z6iGOqAsRCVFbc8npg"
User-Agent: PhoNews/3.13.3 (Android/11)
Cancel-Lock: sha1:H/3BdVM0LKzt37UaSx9OALyBHPc=
In-Reply-To: <v6npj5$2al30$1@dont-email.me>

View all headers

On 7/10/24 10:12 PM, Jörg Lorenz wrote:

>Passkeys are the next step to total dependency on tech companies.

I'm putting off passkeys for now. I still prefer my password formula that
allows me to generate, remember, and use 12 digit unique passwords. And
Google remembers and inserts most automatically (except sensitive sites)
anyway.

>I wait for the moment users have to pay to access to their own data.

I pay 2 bucks a month to Google Drive. But having data access by all my
devices (even this Amazon Fire OS tablet I'm posting with) is worth it to
me. YMMV of course...

Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!weretis.net!feeder8.news.weretis.net!reader5.news.weretis.net!news.solani.org!.POSTED!not-for-mail
From: dnomhcir@gmx.com (Richmond)
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
Subject: Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
Date: Thu, 11 Jul 2024 15:41:14 +0100
Organization: Frantic
Message-ID: <86le286lf9.fsf@example.com>
References: <v6mbn0$1vofp$1@dont-email.me> <v6mcp5$1vsnk$2@dont-email.me>
<86wmls6he2.fsf@example.com> <v6n3bq$23nq4$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain
Injection-Info: solani.org;
logging-data="498385"; mail-complaints-to="abuse@news.solani.org"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
Cancel-Lock: sha1:Q0RIO2498JPr//YwZZom2V6Uw1c= sha1:PRkpMDZlShOR/X5aciyTc57dRnc=
X-User-ID: eJwNydsBADEEBMCWQliUIx79l3A3v6MXhDKBQnR1EcVOi6F+zPUcJ0qkTVLXp0+MRWX6H3WZPx1qEQ4=

View all headers

Java Jive <java@evij.com.invalid> writes:

> On 10/07/2024 22:56, Richmond wrote:
>> Java Jive <java@evij.com.invalid> writes:
>>
>>> On 10/07/2024 17:09, Isaac Montara wrote:
>>>>
>>>> Unlike passwords, with passkeys there is nothing to remember or type into
>>>> your computer or mobile devices as the device does the authentication.
>>>> https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html
>>>
>>> So, if your device is stolen, potentially a thief could gain access to
>>> you Google account without having to find the password. Er, no
>>> thanks.
>> Isn't the password on your phone? or do you type it in each time.
>
> No, I rarely use my phone for anything that requires a password, and
> when rarely I do, I type it in. Usually, I do such things on the PC,
> and there any passwords are securely locked away behind other
> passwords.

Well I think you have answered your question. If the device is stolen,
your passkeys will be 'securely locked away' protected by the same
passwords as your passwords are protected.

Subject: Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
From: Jörg Lorenz
Newsgroups: comp.mobile.android
Organization: Camembert Normand au Lait Cru
Date: Thu, 11 Jul 2024 16:32 UTC
References: 1 2 3 4

Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: hugybear@gmx.net (Jörg Lorenz)
Newsgroups: comp.mobile.android
Subject: Re: Gmail now accepts passkeys instead of login-password &/or
2FA/2SV/MFA
Date: Thu, 11 Jul 2024 18:32:45 +0200
Organization: Camembert Normand au Lait Cru
Lines: 21
Message-ID: <v6p1fd$2hokv$1@dont-email.me>
References: <v6mbn0$1vofp$1@dont-email.me> <v6mcp5$1vsnk$2@dont-email.me>
<v6npj5$2al30$1@dont-email.me> <v6oq9p$2ggge$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 11 Jul 2024 18:32:45 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="b8e83a127c27eab39643117d6e4c5922";
logging-data="2679455"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18CdZ8hkPSdisSDeJzQRAIiPqFIDF15xoU="
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:115.0)
Gecko/20100101 Thunderbird/115.12.2
Cancel-Lock: sha1:L/ha0xGuplVr862BUfwxl+X5fck=
In-Reply-To: <v6oq9p$2ggge$1@dont-email.me>
Content-Language: de-CH

View all headers

Am 11.07.24 um 16:30 schrieb AJL:
> On 7/10/24 10:12 PM, Jörg Lorenz wrote:
>
>> Passkeys are the next step to total dependency on tech companies.
>
> I'm putting off passkeys for now. I still prefer my password formula that
> allows me to generate, remember, and use 12 digit unique passwords. And
> Google remembers and inserts most automatically (except sensitive sites)
> anyway.
>
>> I wait for the moment users have to pay to access to their own data.
>
> I pay 2 bucks a month to Google Drive. But having data access by all my
> devices (even this Amazon Fire OS tablet I'm posting with) is worth it to
> me. YMMV of course...

Not the data itself. The access to them.

--
"Gutta cavat lapidem." (Ovid)

Subject: Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA
From: Paul
Newsgroups: misc.phone.mobile.iphone, comp.mobile.android, alt.comp.os.windows-10
Organization: A noiseless patient Spider
Date: Thu, 11 Jul 2024 17:43 UTC
References: 1 2 3 4 5

Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: nospam@needed.invalid (Paul)
Newsgroups: misc.phone.mobile.iphone,comp.mobile.android,alt.comp.os.windows-10
Subject: Re: Gmail now accepts passkeys instead of login-password &/or
2FA/2SV/MFA
Date: Thu, 11 Jul 2024 13:43:58 -0400
Organization: A noiseless patient Spider
Lines: 71
Message-ID: <v6p5ku$2ij6l$1@dont-email.me>
References: <v6mbn0$1vofp$1@dont-email.me> <v6mcp5$1vsnk$2@dont-email.me>
<86wmls6he2.fsf@example.com> <CxEjO.1472$mfG1.1321@fx38.iad>
<v6onsm$f9qa$1@solani.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 11 Jul 2024 19:43:59 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="e41ee8a34970a640652a49136cf6aff8";
logging-data="2706645"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18eR1n3lQUMzWMI3QYMld6rL+/8XsYZ3Ys="
User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802)
Cancel-Lock: sha1:SIA9sy4Fo2+EI7yVZMOobPfAOmM=
In-Reply-To: <v6onsm$f9qa$1@solani.org>
Content-Language: en-US

View all headers

On 7/11/2024 9:49 AM, badgolferman wrote:
> Alan Browne <bitbucket@blackhole.com> wrote:
>> On 2024-07-10 17:56, Richmond wrote:
>>> Java Jive <java@evij.com.invalid> writes:
>>>
>>>> On 10/07/2024 17:09, Isaac Montara wrote:
>>>>>
>>>>> Unlike passwords, with passkeys there is nothing to remember or type into
>>>>> your computer or mobile devices as the device does the authentication.
>>>>> https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html
>>>>
>>>> So, if your device is stolen, potentially a thief could gain access to
>>>> you Google account without having to find the password. Er, no
>>>> thanks.
>>>
>>> Isn't the password on your phone? or do you type it in each time.
>>
>> With Passkeys, regardless of how you "access" the phone, logging onto
>> sites (or validating transactions) is with a bio feature (Face or
>> Fingerprint for example).
>>
>> This is very unlikely to succeed, and in the meantime when you realize
>> your phone is missing or stolen you use other means to lock it.
>>
>
> How does authentication work on a PC without biometrics?
>

With a FIDO key that has a button labeled "Authenticate Now" :-)

Something you have and something you know (PIN).

https://en.wikipedia.org/wiki/WebAuthn#/media/File:Passwordless_Web_Authentication.svg

The biometrics on a PC are done with a special camera (like an
Intel RealSense or similar), for facial recognition. Perhaps a
portable fingerprint reader is another way to generate a biometric.
One of the FIDO keys, seems to have a fingerprint reader on the button.

"Relevant examples of platform authenticators include Windows Hello[16] " o.O [OK, I guess]

If you buy a FIDO key, you buy two of them, one is registered
but kept in reserve. If you lose, have stolen, or the more
likely case, you have a hardware failure, the second key is part
of your recovery process. I read this, on a site selling the keys
(they happen to mention a means of doubling their sales) :-) I
don't know if the users go for this idea or not.

"You should maintain a record of which security keys you register
on which websites. <=== Jebus, great! Just what I wanted to hear.

If you lose or want to decommission a key, you’ll need this record
to know where you need to log in and replace the key.

In the intervening years, I’ve worn out the security key I always
keep with me on my key chain. Over the last five years, the gold plating
on the contact pins has worn off [to be expected], and the copper alloy
underneath has corroded [yes, metallurgy was wrong]. The key is still
functional, but it requires some hefty jiggling after insertion before
it works. It’s time to replace it.

And they cost $67 at the moment, in our dollars.

The ones they make for USB-A are lousy (plastic barrel!), whereas I think
there is a USB-C, but the issue there will be snapping of the thing
at the PCB level (because of their attraction to plastic cases for the things).
The mechanical details are a wonder. Have we no science ? Even the USB key
makers, scum the lot of them, learned how to make a stick.

Paul

Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx46.iad.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Gmail now accepts passkeys instead of login-password &/or
2FA/2SV/MFA
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
References: <v6mbn0$1vofp$1@dont-email.me> <v6mcp5$1vsnk$2@dont-email.me>
<86wmls6he2.fsf@example.com> <v6n1bc$22i4u$1@dont-email.me>
<v6nc8i$ss3$1@news.chmurka.net>
Content-Language: en-US
From: bitbucket@blackhole.com (Alan Browne)
In-Reply-To: <v6nc8i$ss3$1@news.chmurka.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Lines: 26
Message-ID: <w2VjO.406$6ZU4.327@fx46.iad>
X-Complaints-To: abuse@usenetserver.com
NNTP-Posting-Date: Thu, 11 Jul 2024 17:57:48 UTC
Organization: UsenetServer - www.usenetserver.com
Date: Thu, 11 Jul 2024 13:57:48 -0400
X-Received-Bytes: 1818

View all headers

On 2024-07-10 21:24, Jan K. wrote:
> W Wed, 10 Jul 2024 18:18:20 -0400, Big Al napisal:
>
>>> Isn't the password on your phone? or do you type it in each time.
>> I read two of those articles. They talk about it, but don't go into a
>> lot of detail as to 'what' and 'how' and 'where' these passkeys are.
>> It sounds like a bunch of double talk to me.
>
> I also was confused where the "passkeys" come from if they're on the phone.

Passkeys is a whole thing unto itself.

https://support.apple.com/en-ca/guide/iphone/iphf538ea8d0/ios

Also supported in iPad and Mac OS, of course.

As to other eco-systems (Winders, Android) it is supported as well.

Alas the number of websites using it is still a somewhat low number -
but steadily growing.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx46.iad.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Gmail now accepts passkeys instead of login-password &/or
2FA/2SV/MFA
Content-Language: en-US
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
References: <v6mbn0$1vofp$1@dont-email.me> <v6mcp5$1vsnk$2@dont-email.me>
<v6npj5$2al30$1@dont-email.me>
From: bitbucket@blackhole.com (Alan Browne)
In-Reply-To: <v6npj5$2al30$1@dont-email.me>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Lines: 22
Message-ID: <F3VjO.407$6ZU4.192@fx46.iad>
X-Complaints-To: abuse@usenetserver.com
NNTP-Posting-Date: Thu, 11 Jul 2024 17:59:01 UTC
Organization: UsenetServer - www.usenetserver.com
Date: Thu, 11 Jul 2024 13:59:01 -0400
X-Received-Bytes: 1723

View all headers

On 2024-07-11 01:12, Jörg Lorenz wrote:
> Am 10.07.24 um 18:27 schrieb Java Jive:
>> On 10/07/2024 17:09, Isaac Montara wrote:
>>>
>>> Unlike passwords, with passkeys there is nothing to remember or type
>>> into
>>> your computer or mobile devices as the device does the authentication.
>>> https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html
>>
>> So, if your device is stolen, potentially a thief could gain access to
>> you Google account without having to find the password. Er, no thanks.
>
> Passkeys are the next step to total dependency on tech companies. I wait
> for the moment users have to pay to access to their own data.

Jörg lays another giant falsehood egg.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: usenet@andyburns.uk (Andy Burns)
Newsgroups: comp.mobile.android,misc.phone.mobile.iphone,alt.comp.os.windows-10
Subject: Re: Gmail now accepts passkeys instead of login-password &/or
2FA/2SV/MFA
Date: Thu, 11 Jul 2024 19:09:25 +0100
Lines: 13
Message-ID: <lfalf1FedtiU1@mid.individual.net>
References: <v6mbn0$1vofp$1@dont-email.me> <v6mcp5$1vsnk$2@dont-email.me>
<86wmls6he2.fsf@example.com> <v6n1bc$22i4u$1@dont-email.me>
<v6nc8i$ss3$1@news.chmurka.net> <w2VjO.406$6ZU4.327@fx46.iad>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: individual.net aOHWmJuxwhuq5+8AKo7MugaT6dIKXgv3PKpZtpJVBoxqlsRqvq
Cancel-Lock: sha1:ArSzq7PDRE/5Rz5T+SA4fYjW+0w= sha256:atGEqwFsv5vmEBGg4kGQ6CGkIo15Id6jC2FBwOeyXuI=
User-Agent: Mozilla Thunderbird
Content-Language: en-GB
In-Reply-To: <w2VjO.406$6ZU4.327@fx46.iad>

View all headers

Your lucky color has faded.

comp / comp.mobile.android / Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA

Subject	Author
Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Isaac Montara
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Andy Burns
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Jörg Lorenz
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Nick Cine
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Jörg Lorenz
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Harry S Robins
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Java Jive
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Big Al
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Richmond
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Big Al
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Jan K.
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Jörg Lorenz
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Alan Browne
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Andy Burns
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Alan Browne
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Andy Burns
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Alan Browne
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Java Jive
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Richmond
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Alan Browne
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	badgolferman
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Paul
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Chris in Makati
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Alan Browne
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Jörg Lorenz
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	AJL
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Jörg Lorenz
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Alan Browne
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Chris in Makati
Re: Gmail now accepts passkeys instead of login-password &/or 2FA/2SV/MFA	Alan Browne