authentication   35191


Coercion – a problem larger than authentication • Medium
"The Grugq":
It seems appropriate to address the flawed understanding of security threats prompted by the FaceID authentication mechanism when it was announced. Particularly frustrating was the deep confusion around how coercion works at different levels, and why the sinister threat of “authoritarian regimes” is a poor threat model to apply to authentication mechanism security. It is popular to ask “how will this technology enable abuse by authoritarian regimes,” but the people asking that question, the technologies they choose to fret about, and the fantasy logic they use when constructing threat models, need the cold water of reality…

…Technology that empowers dissidents, and dissident groups, is almost always just going to be Facebook (and Twitter, and WhatsApp, or whatever the dominant messenger is for their region [see: Metcalfe’s Law]). Security for dissidents comes from being in the public eye, protecting them against secret reprisals.

When the secret police move against dissident groups, the individuals are going to face coercion that is state level. They will vanish while traveling alone. They will kill themselves while in police custody “in order to embarrass the police.” They will throw themselves off tall buildings “rather than face arrest” — no autopsy possible, their bodies cremated within 24hrs as they always wanted. They will commit suicide by shooting themselves in the back of the head, twice - just to be sure. If they survive secret police reprisals long enough, they will go to jail for decades.

The usual goal for a dissident who is captured is to remain silent for 24–48hrs, long enough to enable their comrades to escape. If there is some law governing their detention it may be “endure torture for 7 days, or jail for 30 years.”

At no point in time will dissidents think “if only my mobile phone was protected by an authentication mechanism that could not be tricked by physically forcing me to cooperate against my will.” In many cases, the coercion will be like a parent telling a child to go to their room. The weaker party will simply cooperate.

This is why, he points out, a lot of the noise about privacy in these systems is misplaced. The only information you can't give up is what you don't know. And even that can be forced out of you.
security  authentication  technology 
6 hours ago by charlesarthur
An ambitious authentication library for OAuth 1, OAuth 2, OpenID clients and servers. From specification implementation to Flask and Django integrations.
authentication  oauth  python 
13 hours ago by kwbr
Connect to API Gateway with IAM Auth | Serverless Stack
For our React.js app to make requests to a serverless backend API secured using AWS IAM, we need to sign our requests using Signature Version 4. But to be able to do that we need to use our User Pool user token and get temporary IAM credentials from our Identity Pool. Using these temporary IAM credentials we can then generate the Signature Version 4 security headers and make a request using HTTP fetch.
aws-cognito  reference-implementations  authentication 
16 hours ago by aaronmcadam
SSH authentication with GnuPG and smart cards › NETWAYS Blog
Most system administrators know how to use key-based authentication with SSH. Some of the more obvious benefits include agent forwarding (i.e. being able to use your SSH key on a remote system) and not having to remember passwords. There are, however, a few issues with having your SSH key on a general-purpose computer: Malware can obtain an unencrypted copy of your private SSH key fairly easily. Also, while migrating your key to another system is fairly easy it’s virtually impossible to securely use your SSH key on another untrusted system (e.g. at a customer).
authentication  gnupg  ssh  smartcard  yubikey 
16 hours ago by jchris
Add authentication to applications and secure services with minimum fuss.
authentication  security 
16 hours ago by mattdunn


related tags

1password  2-factor  2fa  acl  admin  angular  api-gateway  api  apollo  app  application  auth  authorization  aws-cognito  aws  aws_security  azure  back-end  bestpractices  browser  c#  ca  captive  certificate  certificates  certification  challenge-response  cli  clojure  cognito  comp3911  cookies  cool-tools  credentials  crypto  csrf  database  design  desktop  dev  development  docker  dotnet  drupal  drupal7  drupal8  eff  encryption  factor  fido  forum  gem  github  gnupg  go  golang  google  gpg  graphql  guide  hacker_news  hat  hn  howto  http  identity  idp  iis  image  important  interceptor  ionic  javascript  jwt  kerboros  key  krypton  lambda  laravel  ldap  library  linux  localstorage  login  lumen  lumen5.4  manager  mfa  microsoft  mit  mobile  multi  network  networking  news  nodejs  nslcd  nsurlcredentialstorage  nsurlsession  oauth  oauth2  openid  opensource  pam  paper  password-manager  password  passwords  permissions  phishing  phone  pki  portal  privacy  private  proxy  python  react  red  redhat  redux  reference-implementations  reference  resources  rest  rhce  rhcsa  ruby  saas  scam  security  server  service  session  setting  setup  sftp  shopify  smartcard  software  specification  ssh  sso  store  teams  technology  toekn  token  tolearn  tools  toread  totry  tounderstand  troubleshooting  twilio  twitter  tymon  u2f  up  urlcredentialstorage  urlsession  vmware  vue.js  web-dev  web-security  web  webapi  webdev  webserver  webtoken  wifi  windows  wireless  wordpress  yubikey 
