Post AVNyrHsGBGv5WbiphQ by gracjan@ieji.de
 (DIR) Post #AVBpOQS9yTmsFZ9qNM by adam@hax0rbana.social
       2023-04-30T21:15:31Z
       
       0 likes, 1 repeats
       
       I'm excited to announce that I have successfully put together a #Signet #hardware #password manager, without any jumpers or hackery.
       This means I will be making more of these so people who want to up their #security game will be able to just buy them.
       I'll be honest: this one cost me over $300 in parts and many hours of labor. My goal is to get them down to about $45 each. That should allow me to break even (assuming I can produce them faster and my time is worth minimum wage). #infosec #foss
       
 (DIR) Post #AVBt3PygwijwVlc2PA by adam@hax0rbana.social
       2023-04-30T21:56:34Z
       
       0 likes, 0 repeats
       
       A brief rundown of features:
       - It stores #passwords
       - Can import #KeePass files
       - Compatible with #Linux, #Android, #Mac and #Windows
       - #AES256 #encrypted
       - Single focus, simple design
       - #OpenSource (#hardware, #firmware and #software)
       - Requires a physical button press for each username/password
       That last point means that even if someone rooted your computer and stole your unlock password, they still would not be able to dump all the passwords from the hardware!
       
 (DIR) Post #AVBtOtCBVjOFD3A6j2 by adam@hax0rbana.social
       2023-04-30T22:00:26Z
       
       0 likes, 0 repeats
       
       How is it different from other hardware security thingies you may know?
       #Yubikeys don't store passwords and are not open source. They do #2FA, which #Signet does not.
       #Nitrokeys store 0 to 16 passwords (depending on the model). Signet can store hundreds of passwords. Nitrokeys do things like email encryption and #FIDO2 (depending on the model), which Signet does not.
       The #Trezor Model T does not store passwords. It does FIDO2 and holds your digital currencies.
       
 (DIR) Post #AVBtyzosMO7UB8TbkG by adam@hax0rbana.social
       2023-04-30T22:06:57Z
       
       0 likes, 0 repeats
       
       If you can use FIDO2 alone to log into systems, do so. It's better in pretty much every way.
       For the other 99% of use cases, use #Signet 😁 (and maybe FIDO2 for a second factor, for sites that have limited FIDO2 support).
       Sadly most sites only have partial FIDO2 support (as a second factor). Full FIDO2 support is sometimes called passwordless login (though that term is overloaded), login with a device, or WebAuthn/WebAuthz.
       @nextcloud has full FIDO2 support, but Google & friends lag behind.
       
 (DIR) Post #AVC3VlZ3HTB96umAK0 by JoYo@hackers.town
       2023-04-30T23:53:42Z
       
       0 likes, 0 repeats
       
       @adam @nextcloud I'd love to use a titan key to login to a Chromebook.
       That would be so nice.
       
 (DIR) Post #AVCbT6pd9KfydvR1uK by Steve_Read@mastodon.social
       2023-05-01T06:14:12Z
       
       0 likes, 0 repeats
       
       @adam that sounds super! Have you any thoughts around how it could handle data durability? It would be awful to lose all of those passwords due to a single point of failure - whether lost, stolen or a hardware failure.
       
 (DIR) Post #AVCdoBHxyPQ4SJrekq by fedops@fosstodon.org
       2023-05-01T06:40:20Z
       
       0 likes, 0 repeats
       
       @adam that sounds very interesting! Can you explain a bit more (or do you have documentation) how the password provisioning to applications is handled? Does it emulate USB keypresses? Also how is the unlocking of the password store done?
       Thanks!
       
 (DIR) Post #AVFoo6PdmiyuIoUzfk by datapointzjay@infosec.exchange
       2023-05-02T19:27:47Z
       
       0 likes, 0 repeats
       
       @adam Adam…. Don’t sell yourself short. Look at how much the unit could be if you were paid a living wage… assume $25-30/hr. Look at how you can reduce cost of materials, perhaps even check to see if something can be 3d printed if it’s too expensive.
       
 (DIR) Post #AVFrRz3ekRssz5MPbc by adam@hax0rbana.social
       2023-05-02T19:57:25Z
       
       0 likes, 0 repeats
       
       @datapointzjay
       Thanks for the encouragement.
       The numbers I've run so far are just for the electronics. I haven't even designed a case yet, but the plan is to 3d print them when I do.
       If there is enough interest, I can buy in larger quantities and lower the cost/unit for parts.
       If there is even more interest, I can afford better tools like a reflow oven and rework station instead of the huge heat gun I'm using now.
       Without higher volume, it's just expensive to make.
       
 (DIR) Post #AVNyrHsGBGv5WbiphQ by gracjan@ieji.de
       2023-05-06T17:58:02Z
       
       0 likes, 0 repeats
       
       @adam @nextcloud Google added passwordless login with FIDO2 this week. https://blog.1password.com/what-are-passkeys
       
 (DIR) Post #AVO0c3P1u2hmCtuiRM by adam@hax0rbana.social
       2023-05-06T18:17:47Z
       
       0 likes, 0 repeats
       
       @gracjan @nextcloud I saw the passkeys article. Have you used it yet?
       
 (DIR) Post #AVO2cJoF6SSH02xdK4 by gracjan@ieji.de
       2023-05-06T18:40:13Z
       
       0 likes, 0 repeats
       
       @adam @nextcloud I added a Yubikey and an iPhone as passkeys and it works fine. You can still log in with a password + 2FA if you want and there’s no option to disable that yet.