XPost: comp.mobile.android, misc.phone.mobile.iphone

Gmail Users Offered Free Top Tier Security Upgrade - Say Goodbye To 2FA https://www.forbes.com/sites/daveywinder/2024/07/10/gmail-users-offered-free-top-tier-security-upgrade-say-goodbye-to-2fa/

Google said that users enrolling in Google's Advanced Protection Program
(APP) can use passkeys instead of hardware security keys and use them as an all-in-one login method without the need for separate 2FA credentials. https://landing.google.com/advancedprotection/

Passkeys are used without the need for a password by default, although they
can be used as a second factor in combination with one if desired. https://blog.google/technology/safety-security/google-passkeys-update-april-2024/

Unlike passwords, with passkeys there is nothing to remember or type into
your computer or mobile devices as the device does the authentication. https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html

Although the passkey can used to replace both the password credentials and
2FA parts of login, Google still requires you to choose a recovery method should you need to regain access to your account. This can be any way of a telephone number, email, address separate passkey or hardware keys. A combination of these will be used in the process of regaining access to an account, which is necessarily tougher when part of the APP. https://support.google.com/accounts/answer/13548313?hl=en

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

On 10/07/2024 17:09, Isaac Montara wrote:

Unlike passwords, with passkeys there is nothing to remember or type into your computer or mobile devices as the device does the authentication. https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html

So, if your device is stolen, potentially a thief could gain access to
you Google account without having to find the password. Er, no thanks.

--

Fake news kills!

I may be contacted via the contact address given on my website:
www.macfh.co.uk

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

On 10.07.24 18:17, Andy Burns wrote:

Isaac Montara wrote:

Gmail Users Offered Free Top Tier Security Upgrade

Does anyone here think they're "important enough" to qualify, does
google accept anyone who requests it, or do they filter-out "unimportant people"?

You are answering to Arlen.


--
"De gustibus non est disputandum."

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

Isaac Montara wrote:

Gmail Users Offered Free Top Tier Security Upgrade

Does anyone here think they're "important enough" to qualify, does
google accept anyone who requests it, or do they filter-out "unimportant people"?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

On Wed, 10 Jul 2024 18:23:33 +0200, Jörg Lorenz wrote:

On 10.07.24 18:17, Andy Burns wrote:

Isaac Montara wrote:

Gmail Users Offered Free Top Tier Security Upgrade

Does anyone here think they're "important enough" to qualify, does
google accept anyone who requests it, or do they filter-out "unimportant
people"?

You are answering to Arlen.

Shut up Arlen. Say something useful for once, you fucking moron.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

On 7/10/24 12:27 PM, Java Jive wrote:

On 10/07/2024 17:09, Isaac Montara wrote:

Unlike passwords, with passkeys there is nothing to remember or type into
your computer or mobile devices as the device does the authentication.
https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html

So, if your device is stolen, potentially a thief could gain access to you Google account without
having to find the password.  Er, no thanks.

If he steals your phone, he has the 2FA to get in.
--
Linux Mint 21.3, Cinnamon 6.0.4, Kernel 5.15.0-113-generic
Al

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

On Wed, 10 Jul 2024 17:17:28 +0100, Andy Burns wrote:

Gmail Users Offered Free Top Tier Security Upgrade

Does anyone here think they're "important enough" to qualify, does
google accept anyone who requests it, or do they filter-out "unimportant people"?

Didn't the cites say Google said it's open to everyone for free now?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

Java Jive <java@evij.com.invalid> writes:

On 10/07/2024 17:09, Isaac Montara wrote:

Unlike passwords, with passkeys there is nothing to remember or type into
your computer or mobile devices as the device does the authentication.
https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html

So, if your device is stolen, potentially a thief could gain access to
you Google account without having to find the password. Er, no
thanks.

Isn't the password on your phone? or do you type it in each time.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

On 7/10/24 05:56 PM, Richmond wrote:

Java Jive <java@evij.com.invalid> writes:

On 10/07/2024 17:09, Isaac Montara wrote:

Unlike passwords, with passkeys there is nothing to remember or type into >>> your computer or mobile devices as the device does the authentication.
https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html

So, if your device is stolen, potentially a thief could gain access to
you Google account without having to find the password. Er, no
thanks.

Isn't the password on your phone? or do you type it in each time.

I read two of those articles. They talk about it, but don't go into a lot of detail as to 'what'
and 'how' and 'where' these passkeys are. It sounds like a bunch of double talk to me.

--
Linux Mint 21.3, Cinnamon 6.0.4, Kernel 5.15.0-113-generic
Al

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

On 2024-07-10 12:09, Isaac Montara wrote:

Gmail Users Offered Free Top Tier Security Upgrade - Say Goodbye To 2FA https://www.forbes.com/sites/daveywinder/2024/07/10/gmail-users-offered-free-top-tier-security-upgrade-say-goodbye-to-2fa/

Google said that users enrolling in Google's Advanced Protection Program

I've been using Passkeys to access Google for nearly a year.

Passkeys will be common for everyone, everywhere in time. I have them
setup for several accounts including Google, Apple and Amazon. Several
others.

Very well integrated into Apple's Password/Keychain system (Mac, iPhone, iPad...)

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

On 10/07/2024 22:56, Richmond wrote:

Java Jive <java@evij.com.invalid> writes:

On 10/07/2024 17:09, Isaac Montara wrote:

Unlike passwords, with passkeys there is nothing to remember or type into >>> your computer or mobile devices as the device does the authentication.
https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html

So, if your device is stolen, potentially a thief could gain access to
you Google account without having to find the password. Er, no
thanks.

Isn't the password on your phone? or do you type it in each time.

No, I rarely use my phone for anything that requires a password, and
when rarely I do, I type it in. Usually, I do such things on the PC,
and there any passwords are securely locked away behind other passwords.

--

Fake news kills!

I may be contacted via the contact address given on my website:
www.macfh.co.uk

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

On 2024-07-10 12:27, Java Jive wrote:

On 10/07/2024 17:09, Isaac Montara wrote:

Unlike passwords, with passkeys there is nothing to remember or type into
your computer or mobile devices as the device does the authentication.
https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html

So, if your device is stolen, potentially a thief could gain access to
you Google account without having to find the password.  Er, no thanks.

1) Fingerprint or Face recognition,
2) in the meantime you've locked down the device.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

On 2024-07-10 17:56, Richmond wrote:

Java Jive <java@evij.com.invalid> writes:

On 10/07/2024 17:09, Isaac Montara wrote:

Unlike passwords, with passkeys there is nothing to remember or type into >>> your computer or mobile devices as the device does the authentication.
https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html

So, if your device is stolen, potentially a thief could gain access to
you Google account without having to find the password. Er, no
thanks.

Isn't the password on your phone? or do you type it in each time.

With Passkeys, regardless of how you "access" the phone, logging onto
sites (or validating transactions) is with a bio feature (Face or
Fingerprint for example).

This is very unlikely to succeed, and in the meantime when you realize
your phone is missing or stolen you use other means to lock it.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

W Wed, 10 Jul 2024 18:18:20 -0400, Big Al napisal:

Isn't the password on your phone? or do you type it in each time.

I read two of those articles. They talk about it, but don't go into a lot of detail as to 'what'
and 'how' and 'where' these passkeys are. It sounds like a bunch of double talk to me.

I also was confused where the "passkeys" come from if they're on the phone.

I had assumed they come from an authenticator app that is on the phone. https://www.google.com/search?q=android+open+source+authenticator+apk

https://play.google.com/store/apps/details?id=com.twofasapp https://play.google.com/store/apps/details?id=com.authy.authy https://play.google.com/store/apps/details?id=com.rcdevs.auth https://play.google.com/store/apps/details?id=com.azure.authenticator https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis https://play.google.com/store/apps/details?id=com.zoho.accounts.oneauth https://play.google.com/store/apps/details?id=org.shadowice.flocke.andotp https://play.google.com/store/apps/details?id=com.bitwarden.authenticator https://play.google.com/store/apps/details?id=com.smmservice.authenticator https://play.google.com/store/apps/details?id=com.authenticator.authservice2 https://play.google.com/store/apps/details?id=com.authenticator.app.starnest https://play.google.com/store/apps/details?id=org.liberty.android.freeotpplus https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
https://play.google.com/store/apps/details?id=authenticator.two.factor.authentication.otp
https://play.google.com/store/apps/details?id=otp.authenticator.app.authentication.password

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

Am 10.07.24 um 18:27 schrieb Java Jive:

On 10/07/2024 17:09, Isaac Montara wrote:

Unlike passwords, with passkeys there is nothing to remember or type into
your computer or mobile devices as the device does the authentication.
https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html

So, if your device is stolen, potentially a thief could gain access to
you Google account without having to find the password. Er, no thanks.

Passkeys are the next step to total dependency on tech companies. I wait
for the moment users have to pay to access to their own data.

--
"Gutta cavat lapidem." (Ovid)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

Am 11.07.24 um 03:24 schrieb Jan K.:

https://play.google.com/store/apps/details?id=com.twofasapp https://play.google.com/store/apps/details?id=com.authy.authy https://play.google.com/store/apps/details?id=com.rcdevs.auth https://play.google.com/store/apps/details?id=com.azure.authenticator https://play.google.com/store/apps/details?id=org.fedorahosted.freeotp https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis https://play.google.com/store/apps/details?id=com.zoho.accounts.oneauth https://play.google.com/store/apps/details?id=org.shadowice.flocke.andotp https://play.google.com/store/apps/details?id=com.bitwarden.authenticator https://play.google.com/store/apps/details?id=com.smmservice.authenticator https://play.google.com/store/apps/details?id=com.authenticator.authservice2 https://play.google.com/store/apps/details?id=com.authenticator.app.starnest https://play.google.com/store/apps/details?id=org.liberty.android.freeotpplus https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
https://play.google.com/store/apps/details?id=authenticator.two.factor.authentication.otp
https://play.google.com/store/apps/details?id=otp.authenticator.app.authentication.password

Arlen, you are an idiot.

--
"Gutta cavat lapidem." (Ovid)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

On Wed, 10 Jul 2024 17:27:16 +0100, Java Jive <java@evij.com.invalid>
wrote:

On 10/07/2024 17:09, Isaac Montara wrote:

Unlike passwords, with passkeys there is nothing to remember or type into
your computer or mobile devices as the device does the authentication.
https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html

So, if your device is stolen, potentially a thief could gain access to
you Google account without having to find the password. Er, no thanks.

Only if the thief had access to your fingerprints or face
identification.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

Java Jive <java@evij.com.invalid> writes:

On 10/07/2024 22:56, Richmond wrote:

Java Jive <java@evij.com.invalid> writes:

On 10/07/2024 17:09, Isaac Montara wrote:

Unlike passwords, with passkeys there is nothing to remember or type into >>>> your computer or mobile devices as the device does the authentication. >>>> https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html

So, if your device is stolen, potentially a thief could gain access to
you Google account without having to find the password. Er, no
thanks.

Isn't the password on your phone? or do you type it in each time.

No, I rarely use my phone for anything that requires a password, and
when rarely I do, I type it in. Usually, I do such things on the PC,
and there any passwords are securely locked away behind other
passwords.

Well I think you have answered your question. If the device is stolen,
your passkeys will be 'securely locked away' protected by the same
passwords as your passwords are protected.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

On 2024-07-10 21:24, Jan K. wrote:

W Wed, 10 Jul 2024 18:18:20 -0400, Big Al napisal:

Isn't the password on your phone? or do you type it in each time.

I read two of those articles.  They talk about it, but don't go into a
lot of detail as to 'what' and 'how' and 'where' these passkeys are.
It sounds like a bunch of double talk to me.

I also was confused where the "passkeys" come from if they're on the phone.

Passkeys is a whole thing unto itself.

https://support.apple.com/en-ca/guide/iphone/iphf538ea8d0/ios

Also supported in iPad and Mac OS, of course.

As to other eco-systems (Winders, Android) it is supported as well.

Alas the number of websites using it is still a somewhat low number -
but steadily growing.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

On 2024-07-11 01:12, Jörg Lorenz wrote:

Am 10.07.24 um 18:27 schrieb Java Jive:

On 10/07/2024 17:09, Isaac Montara wrote:

Unlike passwords, with passkeys there is nothing to remember or type
into
your computer or mobile devices as the device does the authentication.
https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html

So, if your device is stolen, potentially a thief could gain access to
you Google account without having to find the password.  Er, no thanks.

Passkeys are the next step to total dependency on tech companies. I wait
for the moment users have to pay to access to their own data.

Jörg lays another giant falsehood egg.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone, comp.mobile.android

On 7/11/2024 9:49 AM, badgolferman wrote:

Alan Browne <bitbucket@blackhole.com> wrote:

On 2024-07-10 17:56, Richmond wrote:

Java Jive <java@evij.com.invalid> writes:

On 10/07/2024 17:09, Isaac Montara wrote:

Unlike passwords, with passkeys there is nothing to remember or type into >>>>> your computer or mobile devices as the device does the authentication. >>>>> https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html

So, if your device is stolen, potentially a thief could gain access to >>>> you Google account without having to find the password. Er, no
thanks.

Isn't the password on your phone? or do you type it in each time.

With Passkeys, regardless of how you "access" the phone, logging onto
sites (or validating transactions) is with a bio feature (Face or
Fingerprint for example).

This is very unlikely to succeed, and in the meantime when you realize
your phone is missing or stolen you use other means to lock it.

How does authentication work on a PC without biometrics?

With a FIDO key that has a button labeled "Authenticate Now" :-)

Something you have and something you know (PIN).

https://en.wikipedia.org/wiki/WebAuthn#/media/File:Passwordless_Web_Authentication.svg

The biometrics on a PC are done with a special camera (like an
Intel RealSense or similar), for facial recognition. Perhaps a
portable fingerprint reader is another way to generate a biometric.
One of the FIDO keys, seems to have a fingerprint reader on the button.

"Relevant examples of platform authenticators include Windows Hello[16] " o.O [OK, I guess]

If you buy a FIDO key, you buy two of them, one is registered
but kept in reserve. If you lose, have stolen, or the more
likely case, you have a hardware failure, the second key is part
of your recovery process. I read this, on a site selling the keys
(they happen to mention a means of doubling their sales) :-) I
don't know if the users go for this idea or not.

"You should maintain a record of which security keys you register
on which websites. <=== Jebus, great! Just what I wanted to hear.

If you lose or want to decommission a key, you’ll need this record
to know where you need to log in and replace the key.

In the intervening years, I’ve worn out the security key I always
keep with me on my key chain. Over the last five years, the gold plating
on the contact pins has worn off [to be expected], and the copper alloy
underneath has corroded [yes, metallurgy was wrong]. The key is still
functional, but it requires some hefty jiggling after insertion before
it works. It’s time to replace it.

And they cost $67 at the moment, in our dollars.

The ones they make for USB-A are lousy (plastic barrel!), whereas I think
there is a USB-C, but the issue there will be snapping of the thing
at the PCB level (because of their attraction to plastic cases for the things). The mechanical details are a wonder. Have we no science ? Even the USB key makers, scum the lot of them, learned how to make a stick.

Paul

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

Alan Browne wrote:

Passkeys is a whole thing unto itself.

I've noticed eBay "encouraging" me to switch to passkeys, which so far
I've resisted

I noticed a recent email from amazon thanking me for creating a passkey,
which I was not aware of having done. I know amazon are masters of "dark patterns" on their website, the email is genuine, and there was a
passkey on the amazon account settings, which I deleted.

I'm quite happy with using EnPass for all my password management.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

Alan Browne wrote:

Andy Burns wrote:

I'm quite happy with using EnPass for all my password management.

Passkeys is about passwordless access management.

It may be safe(r), it may not be; but I'm not going to rush to stop
using passwords which are pretty well under control here ... just on the strength of their "trust us bruh".

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

On 2024-07-11 14:09, Andy Burns wrote:

Alan Browne wrote:

Passkeys is a whole thing unto itself.

I've noticed eBay "encouraging" me to switch to passkeys, which so far
I've resisted

I noticed a recent email from amazon thanking me for creating a passkey, which I was not aware of having done. I know amazon are masters of "dark patterns" on their website, the email is genuine, and there was a
passkey on the amazon account settings, which I deleted.

I'm quite happy with using EnPass for all my password management.

Passkeys is about passwordless access management.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

On 2024-07-11 15:53, Andy Burns wrote:

Alan Browne wrote:

Andy Burns wrote:

I'm quite happy with using EnPass for all my password management.

Passkeys is about passwordless access management.

It may be safe(r), it may not be;  but I'm not going to rush to stop
using passwords which are pretty well under control here ... just on the strength of their "trust us bruh".

At least look into it. It's standards based. Nobody owns it.

--
"It would be a measureless disaster if Russian barbarism overlaid
the culture and independence of the ancient States of Europe."
Winston Churchill

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: comp.mobile.android, misc.phone.mobile.iphone

On 10.07.24 20:21, Nick Cine wrote:

Shut up Arlen. Say something useful for once, you fucking moron.

Arlen. You are a primitive and brain dead Troll.

--
"De gustibus non est disputandum."

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: misc.phone.mobile.iphone, comp.mobile.android

On Thu, 11 Jul 2024 13:49:10 -0000 (UTC), badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:

Alan Browne <bitbucket@blackhole.com> wrote:

On 2024-07-10 17:56, Richmond wrote:

Java Jive <java@evij.com.invalid> writes:

On 10/07/2024 17:09, Isaac Montara wrote:

Unlike passwords, with passkeys there is nothing to remember or type into >>>>> your computer or mobile devices as the device does the authentication. >>>>> https://security.googleblog.com/2024/05/passkeys-on-your-phone-computer-and-security-keys.html

So, if your device is stolen, potentially a thief could gain access to >>>> you Google account without having to find the password. Er, no
thanks.

Isn't the password on your phone? or do you type it in each time.

With Passkeys, regardless of how you "access" the phone, logging onto
sites (or validating transactions) is with a bio feature (Face or
Fingerprint for example).

This is very unlikely to succeed, and in the meantime when you realize
your phone is missing or stolen you use other means to lock it.

How does authentication work on a PC without biometrics?

A QR code is displayed on the PC screen, which you get told to scan on
your phone. On an iPhone you use the camera to scan the QR code and
you're prompted by the phone to use your Face ID or Touch ID to
approve the login. The login on the PC is then approved.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)