mirror of
https://github.com/privacyguides/privacyguides.org.git
synced 2025-09-22 14:04:39 -04:00
Merge branch 'main' into sumbitted-article-29302
This commit is contained in:
Jonah Aragon
GitHub
commit
56a48d1960
3 changed files with 18 additions and 32 deletions
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
title: "Multifactor Authentication"
|
||||
icon: 'material/two-factor-authentication'
|
||||
title: Multifactor Authentication
|
||||
icon: material/two-factor-authentication
|
||||
description: MFA is a critical security mechanism for securing your online accounts, but some methods are stronger than others.
|
||||
---
|
||||
**Multifactor Authentication** (**MFA**) is a security mechanism that requires additional steps beyond entering your username (or email) and password. The most common method is time limited codes you might receive from SMS or an app.
|
||||
|
|
@ -63,7 +63,7 @@ If your threat model requires you to have different identities on different webs
|
|||
|
||||
#### FIDO (Fast IDentity Online)
|
||||
|
||||
[FIDO](https://en.wikipedia.org/wiki/FIDO_Alliance) includes a number of standards, first there was U2F and then later [FIDO2](https://en.wikipedia.org/wiki/FIDO2_Project) which includes the web standard [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn).
|
||||
[FIDO](https://en.wikipedia.org/wiki/FIDO_Alliance) includes a number of standards, first there was [U2F](https://en.wikipedia.org/wiki/Universal_2nd_Factor) and then later [FIDO2](https://en.wikipedia.org/wiki/FIDO2_Project) which includes the web standard [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn).
|
||||
|
||||
U2F and FIDO2 refer to the [Client to Authenticator Protocol](https://en.wikipedia.org/wiki/Client_to_Authenticator_Protocol), which is the protocol between the security key and the computer, such as a laptop or phone. It complements WebAuthn which is the component used to authenticate with the website (the "Relying Party") you're trying to log in on.
|
||||
|
||||
|
|
|
|||
|
|
@ -97,7 +97,7 @@ They have also received the Digital Trust Label, a certification from the [Swiss
|
|||
|
||||
{ align=right }
|
||||
|
||||
**Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, and view their photos, videos, documents, etc. Peergos secures your files with quantum-resistant E2EE and ensures all data about your files remains private.
|
||||
**Peergos** is a decentralized protocol and open-source platform for storage, social media, and applications. It provides a secure and private space where users can store, share, view and edit their photos, videos, documents, etc. Peergos secures your files with quantum-resistant E2EE and ensures all data about your files remains private.
|
||||
|
||||
[:octicons-home-16: Homepage](https://peergos.org){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://peergos.net/privacy.html){ .card-link title="Privacy Policy" }
|
||||
|
|
@ -110,9 +110,9 @@ They have also received the Digital Trust Label, a certification from the [Swiss
|
|||
|
||||
- [:simple-googleplay: Google Play](https://play.google.com/store/apps/details?id=peergos.android)
|
||||
- [:simple-github: GitHub](https://github.com/Peergos/web-ui/releases)
|
||||
- [:fontawesome-brands-windows: Windows](https://github.com/Peergos/web-ui/releases)
|
||||
- [:simple-apple: macOS](https://github.com/Peergos/web-ui/releases)
|
||||
- [:simple-linux: Linux](https://github.com/Peergos/web-ui/releases)
|
||||
- [:fontawesome-brands-windows: Windows](https://peergos.org/download#windows)
|
||||
- [:simple-apple: macOS](https://peergos.org/download#macos)
|
||||
- [:simple-linux: Linux](https://peergos.org/download#linux)
|
||||
- [:octicons-browser-16: Web](https://peergos.net)
|
||||
|
||||
</details>
|
||||
|
|
@ -121,9 +121,7 @@ They have also received the Digital Trust Label, a certification from the [Swiss
|
|||
|
||||
Peergos is built on top of the [InterPlanetary File System (IPFS)](https://ipfs.tech), a peer-to-peer architecture that protects against [:material-close-outline: Censorship](basics/common-threats.md#avoiding-censorship){ .pg-blue-gray }.
|
||||
|
||||
Peergos is primarily a web app, but you can self-host the server either as a local cache for your remote Peergos account, or as a standalone storage server which negates the need to register for a remote account and subscription. The Peergos server is a `.jar` file, which means the Java 17+ Runtime Environment ([OpenJDK download](https://azul.com/downloads)) should be installed on your machine to get it working.
|
||||
|
||||
Running a local version of Peergos alongside a registered account on their paid, hosted service allows you to access your Peergos storage without any reliance on DNS or TLS certificate authorities, and keep a copy of your data backed up to their cloud. The user experience should be the same whether you run their desktop server or just use their hosted web interface.
|
||||
Peergos has a web app, desktop apps and an Android app and you can also self-host the server. Client, server and command line interface all run from the same binary. There is a sync engine included (accessible via the desktop or android apps) for bi-directionally synchronizing a local folder with a Peergos folder, and a webdav bridge to allow other applications to access your Peergos storage.
|
||||
|
||||
Peergos was [audited](https://peergos.org/posts/security-audit-2024) in November 2024 by Radically Open Security and all issues were fixed. They were previously [audited](https://cure53.de/pentest-report_peergos.pdf) by Cure53 in June 2019, and all found issues were subsequently fixed.
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
---
|
||||
title: "Security Keys"
|
||||
title: Security Keys
|
||||
icon: material/key-chain
|
||||
description: These security keys provide a form of phishing-immune authentication for accounts that support it.
|
||||
cover: multi-factor-authentication.webp
|
||||
|
|
@ -9,7 +9,7 @@ cover: multi-factor-authentication.webp
|
|||
- [:material-target-account: Targeted Attacks](basics/common-threats.md#attacks-against-specific-individuals){ .pg-red }
|
||||
- [:material-bug-outline: Passive Attacks](basics/common-threats.md#security-and-privacy){ .pg-orange }
|
||||
|
||||
A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
|
||||
A physical **security key** adds a very strong layer of protection to your online accounts. Compared to [authenticator apps](multi-factor-authentication.md), the [FIDO2](basics/multi-factor-authentication.md#fido-fast-identity-online) security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
|
||||
|
||||
## Yubico Security Key
|
||||
|
||||
|
|
@ -19,7 +19,7 @@ A physical **security key** adds a very strong layer of protection to your onlin
|
|||
{ width="315" }
|
||||
</figure>
|
||||
|
||||
The **Yubico Security Key** series is the most cost-effective hardware security key with FIDO Level 2 certification[^1]. It supports FIDO2/WebAuthn and FIDO U2F, and works out of the box with most services that support a security key as a second factor, as well as many password managers.
|
||||
The **Yubico Security Key** series is the most cost-effective hardware security key with FIDO Level 2 certification[^1]. It supports FIDO2/WebAuthn and FIDO Universal 2nd Factor (U2F), and works out of the box with most services that support a security key as a second factor, as well as many password managers.
|
||||
|
||||
[:octicons-home-16: Homepage](https://yubico.com/products/security-key){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
|
||||
|
|
@ -34,10 +34,10 @@ These keys are available in both USB-C and USB-A variants, and both options supp
|
|||
This key provides only basic FIDO2 functionality, but for most people that is all you will need. Some notable features the Security Key series does **not** have include:
|
||||
|
||||
- [Yubico Authenticator](https://yubico.com/products/yubico-authenticator)
|
||||
- CCID Smart Card support (PIV-compatibile)
|
||||
- CCID Smart Card support (PIV-compatible)
|
||||
- OpenPGP
|
||||
|
||||
If you need any of those features, you should consider their higher-end [YubiKey](#yubikey) of products instead.
|
||||
If you need any of those features, you should consider their higher-end [YubiKey](#yubikey) series instead.
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
|
@ -54,7 +54,7 @@ The firmware of Yubico's Security Keys is not updatable. If you want features in
|
|||
{ width="400" }
|
||||
</figure>
|
||||
|
||||
The **YubiKey** series from Yubico are among the most popular security keys with FIDO Level 2 Certification[^1]. The YubiKey 5 Series has a wide range of features such as [Universal 2nd Factor (U2F)](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online), [Yubico OTP](basics/multi-factor-authentication.md#yubico-otp), [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), [OpenPGP](https://developers.yubico.com/PGP), and [TOTP and HOTP](https://developers.yubico.com/OATH) authentication.
|
||||
The **YubiKey** series from Yubico are among the most popular security keys with FIDO Level 2 Certification[^1]. The **YubiKey 5 Series** has a wide range of features such as FIDO2/WebAuthn and FIDO U2F, [TOTP and HOTP](https://developers.yubico.com/OATH) authentication, [Personal Identity Verification (PIV)](https://developers.yubico.com/PIV), and [OpenPGP](https://developers.yubico.com/PGP).
|
||||
|
||||
[:octicons-home-16: Homepage](https://yubico.com/products/yubikey-5-overview){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://yubico.com/support/terms-conditions/privacy-notice){ .card-link title="Privacy Policy" }
|
||||
|
|
@ -68,7 +68,7 @@ The [comparison table](https://yubico.com/store/compare) shows how the YubiKeys
|
|||
|
||||
YubiKeys can be programmed using the [YubiKey Manager](https://yubico.com/support/download/yubikey-manager) or [YubiKey Personalization Tools](https://yubico.com/support/download/yubikey-personalization-tools). For managing TOTP codes, you can use the [Yubico Authenticator](https://yubico.com/products/yubico-authenticator). All of Yubico's clients are open source.
|
||||
|
||||
For models which support HOTP and TOTP, there are 2 slots in the OTP interface which could be used for HOTP and 32 slots to store TOTP secrets. These secrets are stored encrypted on the key and never exposed to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker.
|
||||
For models which [support HOTP and TOTP](https://support.yubico.com/hc/articles/360013790319-How-many-accounts-can-I-register-my-YubiKey-with), the secrets are stored encrypted on the key and never exposed to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do if they compromise one of the devices running the Yubico Authenticator and make the YubiKey resistant to a physical attacker.
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
|
@ -85,7 +85,7 @@ The firmware of YubiKey is not updatable. If you want features in newer firmware
|
|||
{ width="300" }
|
||||
</figure>
|
||||
|
||||
The **Nitrokey 3A Mini** [has FIDO Authenticator Level 1 Certification](https://www.nitrokey.com/news/2024/nitrokey-3a-mini-receives-official-fido2-certification). The Nitrokey 3 Series in general has a wide range of features such as [Universal 2nd Factor (U2F)](https://en.wikipedia.org/wiki/Universal_2nd_Factor), [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online), Personal Identity Verification (PIV), OpenPGP, and TOTP and HOTP authentication.
|
||||
**Nitrokey** has a cost-effective security key capable of FIDO2/WebAuthn and FIDO U2F called the **Nitrokey Passkey**. For support for features such as PIV, OpenPGP, and TOTP and HOTP authentication, you need to purchase one of their other keys like the **Nitrokey 3**. Currently, only the **Nitrokey 3A Mini** has [FIDO Level 1 Certification](https://nitrokey.com/news/2024/nitrokey-3a-mini-receives-official-fido2-certification).
|
||||
|
||||
[:octicons-home-16: Homepage](https://nitrokey.com){ .md-button .md-button--primary }
|
||||
[:octicons-eye-16:](https://nitrokey.com/data-privacy-policy){ .card-link title="Privacy Policy" }
|
||||
|
|
@ -95,26 +95,14 @@ The **Nitrokey 3A Mini** [has FIDO Authenticator Level 1 Certification](https://
|
|||
|
||||
</div>
|
||||
|
||||
The [comparison table](https://nitrokey.com/products/nitrokeys) shows how the different Nitrokey models compare to each other in terms of features and other specifications.
|
||||
The [comparison table](https://nitrokey.com/products/nitrokeys#:~:text=The%20Nitrokey%20Family) shows how the different Nitrokey models compare to each other in terms of features and other specifications. Refer to Nitrokey's [documentation](https://docs.nitrokey.com/nitrokeys/features) for more details about the features available on your Nitrokey.
|
||||
|
||||
Nitrokey models can be configured using the [Nitrokey app](https://nitrokey.com/download).
|
||||
|
||||
The Nitrokey 3 Series can act as a password manager. They can store up to 50 different entries, and each entry can contain login, password, comment and OTP.
|
||||
|
||||
<div class="admonition warning" markdown>
|
||||
<p class="admonition-title">Warning</p>
|
||||
|
||||
Excluding the Nitrokey 3, Nitrokeys with HOTP and TOTP storage do not have it encrypted, making them vulnerable to physical attacks.
|
||||
|
||||
</div>
|
||||
|
||||
**Nitrokey** also has the **Nitrokey Passkey**, a lower-price security key capable of [FIDO2 and WebAuthn](basics/multi-factor-authentication.md#fido-fast-identity-online). This key provides only basic FIDO2 functionality, but for most people that is all you will need. Some notable features the Security Key series does **not** have include:
|
||||
|
||||
- Password Manager
|
||||
- PIV
|
||||
- OpenPGP
|
||||
- Tamper-resistant smart card
|
||||
- TOTP and HOTP
|
||||
Excluding the Nitrokey 3, Nitrokeys which support HOTP and TOTP do not have encrypted storage, making them vulnerable to physical attacks.
|
||||
|
||||
</div>
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue