Using Passkeys to Login to V4V.app gets a shout out on Security Now Podcast ep975 from Steve Gibson

in #v4vapp6 months ago

Support Proposal 265 on PeakD
Vote for Brianoflondon's Witness KeyChain or HiveSigner

This is a value for value post: see the explanation in the footer.


PassKeys on @v4vapp for Hive

A few weeks ago I add the ability to use PassKeys as a way to secondarily authenticate to my Hive app v4v.app AFTER you've proved you have your Hive keys with Keychain or HAS.

The way I foresee this working (and the way I use it) is to log on to v4v.app on my Mac, log in with keychain and then ADD a PassKey to that account (which is shared across all my Apple devices). Android can do the same and indeed you can use a 3rd party password manager like 1Password or a YubiKey physical device too!

I explained all this in a DM to Steve Gibson of the Security Now podcast (the longest running and one of the best computer security news shows on the web) and he read out my note!

When he talks about me "rolling my own" authentication, he doesn't quite realise that I'm describing Hive's system of public/private keys and signing software like @keychain. He and Leo both have a bit of an aversion to crypto which is why I was deliberately a little vague on this point. I probably should have mentioned Hive though. Next time.

To see in a podcast app: https://podverse.fm/clip/dmwkK8c-n

You can see a demo of how PassKeys work here:

~~~ embed:1781911557615620423?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1781911557615620423%7Ctwgr%5E594f3a8a7156fb3027fa7b2c1146e6f1034db01e%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Fpeakd.com%2Fhive-110369%2F%40brianoflondon%2Fpasskeys-new-account-sign-up-and-a-net-dhf-proposal-hive-110369 twitter metadata:djR2YXBwfHxodHRwczovL3R3aXR0ZXIuY29tL3Y0dmFwcC9zdGF0dXMvMTc4MTkxMTU1NzYxNTYyMDQyM3w= ~~~

Steve Gibson Security Now Ep975


Value for Value

For the last few months while building @v4vapp I was generously supported by the DHF. Going forward I have a much more modest support which covers direct server costs and a little of my time.

If you appreciate the work I do on and around Hive, you can express this directly: upvoting posts on Hive is great. Also consider a direct donation (there's a Tip button on Hive or a Lightning Address) on all my posts.

hivebuzz-orca-120.png

Support Proposal 265 on PeakD
Support Proposal 265 with Hivesigner
Support Proposal 265 on Ecency
Vote for Brianoflondon's Witness KeyChain or HiveSigner


Send Lightning to Me!

Sort:  

Passkey is like an extra security feature. Additional layer of security is more secured. Similar to verifying your account, by a code sent to your email !

I tried it out myself and can confirm it's working!
Good job!

In regards to the note to Steve Gibson, mentioning Hive could be good but I perceived it the same in the past that he isn't that big of a fan of crypto, so rather not push it on him, would be my approach as well.
Keep up the good work! 🙌

Muy interesante está semana información, felicidades

I love the new upgrade on the security feature
You’re doing well!

I so much love the idea of the Passkey. It will definitely help to aid security and take it a step further. You are really doing a very great job my dear friend

PIZZA!
The Hive.Pizza team manually curated this post.

$PIZZA slices delivered:
@atma.love(1/20) tipped @brianoflondon

Please vote for pizza.witness!

You are really doing a very great job and with the passkey development, it will take the security feature to a great level

Congratulations @brianoflondon! You received a personal badge!

You powered-up at least 10 HIVE on Hive Power Up Day!
Wait until the end of Power Up Day to find out the size of your Power-Bee.
May the Hive Power be with you!

You can view your badges on your board and compare yourself to others in the Ranking

Check out our last posts:

Hive Power Up Month Challenge - May 2024 Winners List
Be ready for the June edition of the Hive Power Up Month!
Hive Power Up Day - June 1st 2024

Congratulations @brianoflondon! You received a personal badge!

You powered-up at least 1000 HP on Hive Power Up Day and got the biggest Power-Bee!
See you at the next Power Up day to see if you will repeat this feat.
May the Hive Power be with you!

You can view your badges on your board and compare yourself to others in the Ranking

Check out our last posts:

Hive Power Up Month Challenge - May 2024 Winners List
Be ready for the June edition of the Hive Power Up Month!
Hive Power Up Day - June 1st 2024

Congratulations @brianoflondon! You received a personal badge!

You raised your Hive Power every day of the month! Enjoy better curation reward and more to say in governance.
Participate in the next Power Up month to get another one!

You can view your badges on your board and compare yourself to others in the Ranking

Check out our last posts:

Feedback from the June Hive Power Up Day
Hive Power Up Month Challenge - May 2024 Winners List
Be ready for the June edition of the Hive Power Up Month!

Using Passkey brings convenience but no additional security, on the contrary.
If key validation is not performed each time, it allows user to authenticate with their passkey even if they changed their keys on the blockchain.

This raises a very interesting issue which I can fix. I could record the User's public key at the time of setting the passkey and simple invalidate that passkey if their hive public key changes. I think that's an important point and I'll look at getting that done.

Great that you're open to and respond to constructive criticism brother!

Some free Hive-engine tokens for you:
!PIZZA !LOL !LUV

Well pointed out!