Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.
Very true, the big issue with them is a lot of popular hardware keys, including the yubikeys that I have, are limited to the number passkeys they can store (yubikey is 25 unique). Luckily password managers are starting to support them, but now you’re back to having a strong password + hardware 2FA to store those passkeys anyway.
I do like TOTP or just hardware 2FA as a backup for my passkeys. What I really can’t stand is sties that only offer SMS as 2FA, it makes me more angry than it probably should.
Very true, the big issue with them is a lot of popular hardware keys, including the yubikeys that I have, are limited to the number passkeys they can store (yubikey is 25 unique). Luckily password managers are starting to support them, but now you’re back to having a strong password + hardware 2FA to store those passkeys anyway.
I do like TOTP or just hardware 2FA as a backup for my passkeys. What I really can’t stand is sties that only offer SMS as 2FA, it makes me more angry than it probably should.
iPhones natively support passkeys, so at the very least the iOS user base can easily use them. Not sure about Android though.