I love #PocketID, a light weight #selfhosted #OIDC using only #Passkey.

After using it for several months with an LXC installation using Proxmox Helper Scripts, I noticed that the service runs as root. I also learned that a VM installation is more secure than an LXC. This article will guide you through installing Pocket-ID as a non-root service on Debian. Additionally, there's an upgrade script included.

#Proxmox #debian #selfhosting #homelab #openID #passkeys

https://www.lucasjanin.com/2025/06/02/pocket-id-bare-metal-installation-on-debian

Après avoir utilisé #PocketID pendant plusieurs mois avec une installation LXC via les Proxmox Helper Scripts, j'ai remarqué que le service s'exécute en tant que root. J'ai également appris qu'une VM est plus sécurisée qu'un LXC. Cet article vous guidera dans l'installation de PocketID en tant que service non root sur Debian. De plus, un script de mise à niveau est inclus.

#Proxmox #debian #selfhosted #selfhosting #homelab #OIDC #openID #passkey #passkeys

https://www.lucasjanin.com/2025/06/02/pocket-id-installation-bare-metal-sur-debian/

Last call: c't-Webinar "Passkeys statt Passwörter"

Sichere Logins ohne Passwort sind möglich. Das Webinar zeigt, wie Passkeys funktionieren, wie man sie auf mehreren Geräten nutzt und was bei Problemen hilft.

https://www.heise.de/news/Last-call-c-t-Webinar-Passkeys-statt-Passwoerter-10397369.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

Dank dieser 5 Passkey-Tricks kann ich Passwörter endlich vergessen - PC-WELT
https://www.pcwelt.de/article/2769745/dank-dieser-5-passkey-tricks-kann-ich-passworter-endlich-vergessen.html #Datenschutz #Passkey #Passwort

@jerry security theory question: is a #passkey rather a something you know or a something you have? In terms of MFA? I see different orgs that treat it either this way or that way. Any opinion or maybe even hard fact?

Kudos to the Pocket-ID team for the excellent version 1.0.0 ! The bare-metal installation is now incredibly simple, with no dependencies or compilation required . Future updates will also be easier!

P.S. Thanks to Proxmox's snapshots for saving me from my many mistakes :-)

https://pocket-id.org

#pocketid #oidc #selfhosted #selfhosting #selfhost
#homelab #proxmox #passkey

Ich finde es absolut klasse, dass #GOG endlich #2FA hat, aber #Passkey wäre mir lieber.

Chrome modificherà automaticamente le password compromesse
#Autenticazione #Browser #Chrome #Credenziali #Gestione #GestorePassword #Google #GoogleChrome #Innovazione #Internet #Notizie #Novità #NuoveFunzioni #PassKey #Password #PasswordManager #Privacy #Sicurezza #TechNews #Tecnologia

https://www.ceotech.it/chrome-modifichera-automaticamente-le-password-compromesse/

c't-Webinar: Passkeys verstehen und sicher einsetzen

Passkeys bieten eine sichere Alternative zum Passwort. Im Webinar erfahren Sie, wie Passkeys funktionieren, wie man sie einsetzt und worauf man achten muss.

https://www.heise.de/news/c-t-Webinar-Passkeys-verstehen-und-sicher-einsetzen-10387680.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

This blogpost has a point. Except one: #passkey s are not inherently bad, but the current real world implementation with its dependencies on proprietary products and phones is. https://www.dedoimedo.com/life/passwords-passkeys.html

I heard Amazon allowed passkeys now (I don't use Amazon any more, but I've still got my account for my order history) so I decided to check it out.

In reality, one of these passkeys is the default *Android* provider, and the other is a Yubikey. 0 stars for the passkey interface: the data are wrong, I can't tell them apart, and I have no way to rename them even if I could. Must. Do. Better.

I'm really glad I moved everything away from #Google a while ago. Just tried to enable #2FA with some FIDO2 keys and they won't allow it without setting a PIN on them. They're really pushing the #Passkey bullshit hard. Well, no 2FA on Google, then.

I need to better understand passkeys. And I need to develop guidance that I can explain to my dad.

On that note it was cool to see Costco app prompt to create a #passkey this morning.

Why does Google sometimes show me a QR code to sign in using a #passkey, but other times it lets me sign in with #1Password? Is the 1Password extension the problem?

I will never, ever want to sign in using the terrible QR code passkey workflow. Sadly, when this happens, there seems to be no way to avoid it.

Cyber criminals changed bank details at the Federal Employment Agency

According to the government, a total of 831 online accounts at the Federal Employment Agency were attacked. In 121 of these, the IBAN had been changed.

https://www.heise.de/en/news/Cyber-criminals-changed-bank-details-at-the-Federal-Employment-Agency-10383865.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

Cyberkriminelle änderten Bankverbindungen bei der Bundesagentur für Arbeit

Insgesamt seien 831 Online-Accounts bei der Bundesagentur für Arbeit angegriffen worden, teilt die Regierung mit. In 121 davon sei die IBAN getauscht worden.

https://www.heise.de/news/Cyberkriminelle-aenderten-Bankverbindungen-bei-der-Bundesagentur-fuer-Arbeit-10383804.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon