Announcing DaryaScam: Messaging apps need passkeys ASAPTL;DR: You got phishing, we brought guns.Dec 17, 20242Dec 17, 20242
Passkeys for decision makersMarketing free guide, for managers, CISOs, CEOs, engineers, and normies.Oct 9, 2024671Oct 9, 2024671
Two years of Passkeys: A reflection pointI have been quiet on writing for the last two years, mostly because I was not sure what to write. The FIDO ecosystem had a complete reboot…Aug 26, 20241502Aug 26, 20241502
My peopleMy people are killing. My people are dying. My people are watching.Apr 6, 2022167Apr 6, 2022167
Published inWebAuthn WorksWebAuthn/FIDO2: What’s new in MDS3? Migrating from MDS2 to MDS3.It’s a JSON! It looks like MDS2? Nope, that’s MDS3!May 26, 2021691May 26, 2021691
Published inWebAuthn WorksWebAuthn/FIDO2: Demystifying attestation and MDSAnswer to all your uncomfortable question about attestation, MDS and MetadataMay 24, 2021833May 24, 2021833
Why Cloudflare’s CAPTCHA replacement with FIDO2/WebAuthn is a really bad ideaDisclaimer: Thoughts expressed here are my own, and not of my employers.May 13, 20212694May 13, 20212694
Published inWebAuthn WorksWebAuthn/FIDO2: Verifying Apple Anonymous AttestationPlease note that this is an advance post, and requires prior understanding of the FIDO2 attestations. You can read more about them here.Jan 1, 202117Jan 1, 202117
Published inWebAuthn WorksSorting FIDO/CTAP/WebAuthn terminologyCTAP1 my U2F you FIDO2 CTAP2.Oct 28, 20201Oct 28, 20201
Published inWebAuthn WorksIntroduction to WebAuthn API…or Level 1 Credential Management API extension for Public Key Credentials, and the untold stories of managing credentials in the browser…Jan 15, 201924Jan 15, 201924
Published inWebAuthn WorksWebAuthn/FIDO2: Verifying Android KeyStore AttestationAndroid KeyStore is a key management container, that defends key material from extraction. Depending on the device, it can be either…Dec 15, 20182Dec 15, 20182
Published inWebAuthn WorksWebAuthn/FIDO2: Verifying Packed Attestation2014 is outside. Pharrell Williams’s Happy is top chart. Obama is still President. And U2F just was released with simple merged buffer…Nov 11, 20188Nov 11, 20188
Published inWebAuthn WorksWebAuthn/FIDO2: Verifying SafetyNet Attestation“If it keeps on rainin’ levee’s goin’ to break” Led Zeppelin would sing over and over in their songs. But then Google put some crazy…Nov 5, 20183Nov 5, 20183
Published inWebAuthn WorksWebAuthn/FIDO2: Verifying assertion responsesIn this article we will talk about procedures that server will need to perform in order to validate WebAuthn response. If you are…Aug 3, 201812Aug 3, 201812
Published inWebAuthn WorksWebAuthn/FIDO2: Verifying U2F AttestationPlease note that this is an advance post, and requires prior understanding of the FIDO2 attestations. You can read more about them here.Aug 3, 20181Aug 3, 20181
Published inWebAuthn WorksWebAuthn/FIDO2: Verifying TPM AttestationPlease note that this is an advance post, and requires prior understanding of the FIDO2 attestations. You can read more about them here.Jul 15, 20187Jul 15, 20187
Who lives in a pineapple under the sea? P-K-C-S!…or story about trying to find all of the standards.Mar 26, 2017Mar 26, 2017
Published inWebAuthn WorksFIDO U2F — Универсальная Двухфакторная Аутентификация. ВведениеНи для кого не секрет, что сегодня существует большая проблема с безопасностью в интернете. Пользователи используют легкие пароли и…Jul 12, 2016Jul 12, 2016