starkzarn
@roguesecurity.dev
hacker of things | printer of plastic | wizard of linux | leader of assurance
I have not, but maybe I don't follow. I have only seen QR used for onboarding passkeys, never authenticating with them. Untrusted devices and BLE connections seems equally strange as far as threat modeling goes, to me. Have not found it in the Bitwarden docs either. Enlighten me?
October 27, 2025 at 3:21 PM
I have not, but maybe I don't follow. I have only seen QR used for onboarding passkeys, never authenticating with them. Untrusted devices and BLE connections seems equally strange as far as threat modeling goes, to me. Have not found it in the Bitwarden docs either. Enlighten me?
Love @bitwarden.bsky.social
I'm already a user and a fan! I use it for the few things that have passkeys in my life currently, but I still don't agree with the overarching implementation of passkeys.
I'm already a user and a fan! I use it for the few things that have passkeys in my life currently, but I still don't agree with the overarching implementation of passkeys.
October 23, 2025 at 7:27 PM
Love @bitwarden.bsky.social
I'm already a user and a fan! I use it for the few things that have passkeys in my life currently, but I still don't agree with the overarching implementation of passkeys.
I'm already a user and a fan! I use it for the few things that have passkeys in my life currently, but I still don't agree with the overarching implementation of passkeys.
I'm a user and general fan of Bitwarden -- self-hosted. It works great for me, but it still means that to use it on a "guest" device, I need to access my password manager *on that device*. The alternative being accessing my password manager on my trusted device (my phone), and transposing the data.
October 23, 2025 at 7:26 PM
I'm a user and general fan of Bitwarden -- self-hosted. It works great for me, but it still means that to use it on a "guest" device, I need to access my password manager *on that device*. The alternative being accessing my password manager on my trusted device (my phone), and transposing the data.
Reposted by starkzarn
So by proxy, RC4 with Kerberos is bad.
September 16, 2025 at 5:17 PM
So by proxy, RC4 with Kerberos is bad.