the issue is X is retiring twitter.com & WebAuthn by default does not support assigning new domains to existing passkeys, so you need a new passkey for x.com specifically
your passkey technically still works, on the site you registered it (unless X already begun decommissioning the Twitter domain)
your passkey technically still works, on the site you registered it (unless X already begun decommissioning the Twitter domain)
November 12, 2025 at 8:49 PM
the issue is X is retiring twitter.com & WebAuthn by default does not support assigning new domains to existing passkeys, so you need a new passkey for x.com specifically
your passkey technically still works, on the site you registered it (unless X already begun decommissioning the Twitter domain)
your passkey technically still works, on the site you registered it (unless X already begun decommissioning the Twitter domain)
to be fair "site ships a broken WebAuthn integration" is just "a day ending in Y"
November 12, 2025 at 7:23 PM
to be fair "site ships a broken WebAuthn integration" is just "a day ending in Y"
The server's origin is used to generate passkey credentials. A credential signed for one app can't be used elsewhere.
What about subdomains? Or multiple domains? In this post, we'll explore some options.
duende.link/igeq87f #dotnet #security #passkeys #webauthn
What about subdomains? Or multiple domains? In this post, we'll explore some options.
duende.link/igeq87f #dotnet #security #passkeys #webauthn
Duende Software - Identity and Access Management for .NET
We help companies using .NET to build identity and access control solutions for modern applications.
duende.link
November 12, 2025 at 2:45 PM
The server's origin is used to generate passkey credentials. A credential signed for one app can't be used elsewhere.
What about subdomains? Or multiple domains? In this post, we'll explore some options.
duende.link/igeq87f #dotnet #security #passkeys #webauthn
What about subdomains? Or multiple domains? In this post, we'll explore some options.
duende.link/igeq87f #dotnet #security #passkeys #webauthn
github.com/tsuzu/crossd...
Tweetdeck alternativeが割と使えるレベルになったのだが、ElectronのwebviewでWebAuthNを通せる方法はあるんだろうか
Tweetdeck alternativeが割と使えるレベルになったのだが、ElectronのwebviewでWebAuthNを通せる方法はあるんだろうか
November 12, 2025 at 10:19 AM
github.com/tsuzu/crossd...
Tweetdeck alternativeが割と使えるレベルになったのだが、ElectronのwebviewでWebAuthNを通せる方法はあるんだろうか
Tweetdeck alternativeが割と使えるレベルになったのだが、ElectronのwebviewでWebAuthNを通せる方法はあるんだろうか
WebAuthN & PassKeys
GOODBYE PASSWORDS
GOODBYE PASSWORDS
November 11, 2025 at 7:15 PM
WebAuthN & PassKeys
GOODBYE PASSWORDS
GOODBYE PASSWORDS
Security simplified
- WebAuthN & Pass keys
- new scaffolder for Entra ID auth via dotnet scaffold
- WebAuthN & Pass keys
- new scaffolder for Entra ID auth via dotnet scaffold
November 11, 2025 at 7:15 PM
Security simplified
- WebAuthN & Pass keys
- new scaffolder for Entra ID auth via dotnet scaffold
- WebAuthN & Pass keys
- new scaffolder for Entra ID auth via dotnet scaffold
Security Improvements
WebAuthN & PassKey support!!!! 🥰🥰🥰
-Passkeys = cryptographic, phishing-resistant creds
- Built-in support for PassKeys to ASP.NET Core Identity
- Project templates include PassKey support
- Existing projects can add support
* NO SUPPORT FOR ATTESTATION YET*
#dotNETConf
WebAuthN & PassKey support!!!! 🥰🥰🥰
-Passkeys = cryptographic, phishing-resistant creds
- Built-in support for PassKeys to ASP.NET Core Identity
- Project templates include PassKey support
- Existing projects can add support
* NO SUPPORT FOR ATTESTATION YET*
#dotNETConf
November 11, 2025 at 5:36 PM
Security Improvements
WebAuthN & PassKey support!!!! 🥰🥰🥰
-Passkeys = cryptographic, phishing-resistant creds
- Built-in support for PassKeys to ASP.NET Core Identity
- Project templates include PassKey support
- Existing projects can add support
* NO SUPPORT FOR ATTESTATION YET*
#dotNETConf
WebAuthN & PassKey support!!!! 🥰🥰🥰
-Passkeys = cryptographic, phishing-resistant creds
- Built-in support for PassKeys to ASP.NET Core Identity
- Project templates include PassKey support
- Existing projects can add support
* NO SUPPORT FOR ATTESTATION YET*
#dotNETConf
Adding .NET 10 Passkey Support to Duende IdentityServer
👉 duende.link/berqe86
Learn how to add #dotnet 10 passkey support to a non-Blazor project such as MVC or Razor Pages.
#security #aspnetcore #identity #webauthn
👉 duende.link/berqe86
Learn how to add #dotnet 10 passkey support to a non-Blazor project such as MVC or Razor Pages.
#security #aspnetcore #identity #webauthn
Duende Software - Identity and Access Management for .NET
We help companies using .NET to build identity and access control solutions for modern applications.
duende.link
November 10, 2025 at 7:30 AM
Adding .NET 10 Passkey Support to Duende IdentityServer
👉 duende.link/berqe86
Learn how to add #dotnet 10 passkey support to a non-Blazor project such as MVC or Razor Pages.
#security #aspnetcore #identity #webauthn
👉 duende.link/berqe86
Learn how to add #dotnet 10 passkey support to a non-Blazor project such as MVC or Razor Pages.
#security #aspnetcore #identity #webauthn
⚠️ Your MFA might not be as safe as you think.
Hackers use MFA fatigue — flooding you with login prompts until you tap “Approve.”
🔐 Stay protected:
✅ Use hardware keys
✅ Turn on number matching
✅ Switch to FIDO2/WebAuthn
Small changes stop big breaches.
👉 ITImagined.com/contact-us
Hackers use MFA fatigue — flooding you with login prompts until you tap “Approve.”
🔐 Stay protected:
✅ Use hardware keys
✅ Turn on number matching
✅ Switch to FIDO2/WebAuthn
Small changes stop big breaches.
👉 ITImagined.com/contact-us
November 10, 2025 at 1:02 AM
⚠️ Your MFA might not be as safe as you think.
Hackers use MFA fatigue — flooding you with login prompts until you tap “Approve.”
🔐 Stay protected:
✅ Use hardware keys
✅ Turn on number matching
✅ Switch to FIDO2/WebAuthn
Small changes stop big breaches.
👉 ITImagined.com/contact-us
Hackers use MFA fatigue — flooding you with login prompts until you tap “Approve.”
🔐 Stay protected:
✅ Use hardware keys
✅ Turn on number matching
✅ Switch to FIDO2/WebAuthn
Small changes stop big breaches.
👉 ITImagined.com/contact-us
This week, I'm in Kobe for W3C #TPAC. I'm looking forward to a week of talking passkeys and WebAuthn, and more generally authentication technologies, and even more generally security and privacy on the web! If you're here and see me, say hi! If you wanna meet, let's!
November 9, 2025 at 11:38 PM
This week, I'm in Kobe for W3C #TPAC. I'm looking forward to a week of talking passkeys and WebAuthn, and more generally authentication technologies, and even more generally security and privacy on the web! If you're here and see me, say hi! If you wanna meet, let's!
Enhancing security with WebAuthn redirection in Amazon WorkSpaces #cloud
Enhancing security with WebAuthn redirection in Amazon WorkSpaces
Eyal Estrin
unread,
1:40 PM (17 minutes ago)
to
https://aws.amazon.com/blogs/desktop-and-application-streaming/enhancing-security-with-webauthn-redirection-in-amazon-workspaces/
Eyal Estrin
CISSP, CCSP, CISM, CISA, CDPSE, CCSK
Blog: https://security-24-7.com | Books: https://amzn.to/42Xai9A | https://amzn.to/3Sggbtv
Twitter: @eyalestrin | Bluesky: @eyalestrin.bsky.social
Reply all
Reply to author
Forward
groups.google.com
November 6, 2025 at 6:57 PM
Enhancing security with WebAuthn redirection in Amazon WorkSpaces #cloud
Prf and large blob would allow this but so far that only really worked in safari with apple keychain for me. But this is maybe on the Authenticators and not the browsers 🤷
Or browsers offer a secret key storage api outside of webauthn
developer.mozilla.org/en-US/docs/W...
Or browsers offer a secret key storage api outside of webauthn
developer.mozilla.org/en-US/docs/W...
Web Authentication extensions - Web APIs | MDN
The Web Authentication API has a system of extensions — extra functionality that can be requested during credential creation (navigator.credentials.create()) or authentication (navigator.credentials.g...
developer.mozilla.org
November 6, 2025 at 10:53 AM
Prf and large blob would allow this but so far that only really worked in safari with apple keychain for me. But this is maybe on the Authenticators and not the browsers 🤷
Or browsers offer a secret key storage api outside of webauthn
developer.mozilla.org/en-US/docs/W...
Or browsers offer a secret key storage api outside of webauthn
developer.mozilla.org/en-US/docs/W...
Yeah, in the day job we regard emailing as a massive no-no, SMS is a last resort. Passkey/FiDO/webauthn with biometrics and/or device binding is the current king.
November 6, 2025 at 4:07 AM
Yeah, in the day job we regard emailing as a massive no-no, SMS is a last resort. Passkey/FiDO/webauthn with biometrics and/or device binding is the current king.
Amazon WorkSpaces now supports WebAuthn redirection, allowing users to seamlessly authenticate with local security keys and biometric devices within virtual desktop environments across Windows and Linux platforms.
Enhancing security with WebAuthn redirection in Amazon WorkSpaces
Amazon WorkSpaces now supports WebAuthn redirection, allowing users to seamlessly authenticate with local security keys and biometric devices within virtual desktop environments across Windows and Linux platforms.
aws-news.com
November 5, 2025 at 5:42 PM
Amazon WorkSpaces now supports WebAuthn redirection, allowing users to seamlessly authenticate with local security keys and biometric devices within virtual desktop environments across Windows and Linux platforms.
📰 New article by Chirag Mishra
Enhancing security with WebAuthn redirection in Amazon WorkSpaces
#AWS #DesktopStreaming #ApplicationStreaming
Enhancing security with WebAuthn redirection in Amazon WorkSpaces
#AWS #DesktopStreaming #ApplicationStreaming
Enhancing security with WebAuthn redirection in Amazon WorkSpaces
In today’s security-conscious world, organizations are implementing strong authentication methods for applications running inside virtual desktop environments. A common challenge is enabling users to leverage their local security keys and biometric devices with applications running inside a remote desktop session. Amazon WorkSpaces now addresses this challenge with WebAuthn redirection, allowing users to seamlessly use their [...]
aws.amazon.com
November 5, 2025 at 5:46 PM
📰 New article by Chirag Mishra
Enhancing security with WebAuthn redirection in Amazon WorkSpaces
#AWS #DesktopStreaming #ApplicationStreaming
Enhancing security with WebAuthn redirection in Amazon WorkSpaces
#AWS #DesktopStreaming #ApplicationStreaming
npm's New Token Limits Won't Stop the Attacks That Actually Happen
npm's new token lifetime limits (90-day max, 7-day default) and mandatory WebAuthn are good security hygiene, but they don't address how attacks actually happen. The September 2025 breach that compromised 18 packa…
#hackernews #news
npm's new token lifetime limits (90-day max, 7-day default) and mandatory WebAuthn are good security hygiene, but they don't address how attacks actually happen. The September 2025 breach that compromised 18 packa…
#hackernews #news
npm's New Token Limits Won't Stop the Attacks That Actually Happen
npm's new token lifetime limits (90-day max, 7-day default) and mandatory WebAuthn are good security hygiene, but they don't address how attacks actually happen. The September 2025 breach that compromised 18 packages with 2.6B weekly downloads succeeded via phishing—the attacker had full account access and could generate tokens at will. The XZ Utils backdoor involved three years of social engineering to gain maintainer trust. Token rotation doesn't stop account takeovers, malicious insiders, or the lack of code review. npm is treating the symptom (token exposure) rather than the disease (anyone can publish anything instantly).
hackernoon.com
November 4, 2025 at 3:08 PM
npm's New Token Limits Won't Stop the Attacks That Actually Happen
npm's new token lifetime limits (90-day max, 7-day default) and mandatory WebAuthn are good security hygiene, but they don't address how attacks actually happen. The September 2025 breach that compromised 18 packa…
#hackernews #news
npm's new token lifetime limits (90-day max, 7-day default) and mandatory WebAuthn are good security hygiene, but they don't address how attacks actually happen. The September 2025 breach that compromised 18 packa…
#hackernews #news
can we get passkeys for bluesky yet? at least let us do webauthn for 2fa. the email 2fa is inconvenient/annoying.
November 4, 2025 at 8:26 AM
can we get passkeys for bluesky yet? at least let us do webauthn for 2fa. the email 2fa is inconvenient/annoying.
⏱️The countdown continues: .NET Conf 2025 is on the horizon. 🌄
Drop in to learn to build better web apps with Blazor in .NET 10 and discover how Blazor simplifies secure web development with WebAuthN, passkeys, and Entra ID authentication.
Set your reminder: msft.it/63327tD2FF
#dotNETConf
Drop in to learn to build better web apps with Blazor in .NET 10 and discover how Blazor simplifies secure web development with WebAuthN, passkeys, and Entra ID authentication.
Set your reminder: msft.it/63327tD2FF
#dotNETConf
November 4, 2025 at 3:00 AM
⏱️The countdown continues: .NET Conf 2025 is on the horizon. 🌄
Drop in to learn to build better web apps with Blazor in .NET 10 and discover how Blazor simplifies secure web development with WebAuthN, passkeys, and Entra ID authentication.
Set your reminder: msft.it/63327tD2FF
#dotNETConf
Drop in to learn to build better web apps with Blazor in .NET 10 and discover how Blazor simplifies secure web development with WebAuthN, passkeys, and Entra ID authentication.
Set your reminder: msft.it/63327tD2FF
#dotNETConf
Can I interest you in WebAuthn's Virtual Authenticator browser automation API? It's great for setting up automated end-to-end front end tests if you're running them in an actual browser. It automates the user's interaction with WebAuthn's modals w3c.github.io/webauthn/#sc...
Web Authentication: An API for accessing Public Key Credentials - Level 3
w3c.github.io
November 3, 2025 at 10:52 PM
Can I interest you in WebAuthn's Virtual Authenticator browser automation API? It's great for setting up automated end-to-end front end tests if you're running them in an actual browser. It automates the user's interaction with WebAuthn's modals w3c.github.io/webauthn/#sc...
npm's New Token Limits Won't Stop the Attacks That Actually Happen npm's new token lifetime limits (90-day max, 7-day default) and mandatory WebAuthn are good security hygiene, but they...
#npm #npm-token-limit #npm-token-attacks #cybersecurity #npm-package-security #npm-token-security […]
#npm #npm-token-limit #npm-token-attacks #cybersecurity #npm-package-security #npm-token-security […]
Original post on hackernoon.com
hackernoon.com
November 3, 2025 at 7:33 PM
npm's New Token Limits Won't Stop the Attacks That Actually Happen npm's new token lifetime limits (90-day max, 7-day default) and mandatory WebAuthn are good security hygiene, but they...
#npm #npm-token-limit #npm-token-attacks #cybersecurity #npm-package-security #npm-token-security […]
#npm #npm-token-limit #npm-token-attacks #cybersecurity #npm-package-security #npm-token-security […]
⏱️The countdown continues: .NET Conf 2025 is on the horizon. 🌄
Drop in to learn to build better web apps with Blazor in .NET 10 and discover how Blazor simplifies secure web development with WebAuthN, passkeys, and Entra ID authentication.
Set your reminder: msft.it/63321tD2mb
#dotNETConf
Drop in to learn to build better web apps with Blazor in .NET 10 and discover how Blazor simplifies secure web development with WebAuthN, passkeys, and Entra ID authentication.
Set your reminder: msft.it/63321tD2mb
#dotNETConf
November 3, 2025 at 1:00 PM
⏱️The countdown continues: .NET Conf 2025 is on the horizon. 🌄
Drop in to learn to build better web apps with Blazor in .NET 10 and discover how Blazor simplifies secure web development with WebAuthN, passkeys, and Entra ID authentication.
Set your reminder: msft.it/63321tD2mb
#dotNETConf
Drop in to learn to build better web apps with Blazor in .NET 10 and discover how Blazor simplifies secure web development with WebAuthN, passkeys, and Entra ID authentication.
Set your reminder: msft.it/63321tD2mb
#dotNETConf
The browser is becoming your authentication layer. Learn about FedCM, Digital Credentials & the passwordless APIs shipping NOW #WebAuthn #DevSummit25
Eiji Kitamura at Dev Summit 25 bit.ly/3VDyGtT
Eiji Kitamura at Dev Summit 25 bit.ly/3VDyGtT
November 3, 2025 at 1:09 AM
The browser is becoming your authentication layer. Learn about FedCM, Digital Credentials & the passwordless APIs shipping NOW #WebAuthn #DevSummit25
Eiji Kitamura at Dev Summit 25 bit.ly/3VDyGtT
Eiji Kitamura at Dev Summit 25 bit.ly/3VDyGtT
Say goodbye ✋ to passwords, and hello 👋 to secure, phishing-resistant logins: passkey credentials.
Part 1 of our 4-part blog series covers password and authentication evolution 👀
duende.link/p455k3y #passkeys #webauthn #dotnet #security #aspnetcore
Part 1 of our 4-part blog series covers password and authentication evolution 👀
duende.link/p455k3y #passkeys #webauthn #dotnet #security #aspnetcore
Duende Software - Identity and Access Management for .NET
We help companies using .NET to build identity and access control solutions for modern applications.
duende.link
October 31, 2025 at 5:07 PM
Say goodbye ✋ to passwords, and hello 👋 to secure, phishing-resistant logins: passkey credentials.
Part 1 of our 4-part blog series covers password and authentication evolution 👀
duende.link/p455k3y #passkeys #webauthn #dotnet #security #aspnetcore
Part 1 of our 4-part blog series covers password and authentication evolution 👀
duende.link/p455k3y #passkeys #webauthn #dotnet #security #aspnetcore
Got some free time and decided to implement webauthn in OCaml, it was fun.
fearful-odds.rocks/blog/webauth...
fearful-odds.rocks/blog/webauth...
WebAuthn & Passkeys in OCaml: Implementing Passwordless Authentication
Building a complete WebAuthn/Passkeys authentication system in OCaml: from bytea binary storage challenges to Base64 encoding layers, model validation, and repository patterns.
fearful-odds.rocks
October 30, 2025 at 6:55 PM
Got some free time and decided to implement webauthn in OCaml, it was fun.
fearful-odds.rocks/blog/webauth...
fearful-odds.rocks/blog/webauth...