Our great sponsors
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
-
pastebin-scraper
Pastebin-scraper tool leverages the API of https://psbdmp.ws/ to find emails/domains dumped in pastebin. (by streaak)
-
nitrokey-fido2-firmware
FIDO2 USB token optimized for security, extensibility, and style. A fork of Solo key.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
You can store them in the Secure Enclave on OSX and require TouchID to use the key for signing.
See: https://github.com/maxgoedjen/secretive
You can check this guide: https://github.com/drduh/YubiKey-Guide
> First I've heard of this. Do you have some links where I can read more about this?
Sure, the comparison table on the Nitrokey site[1] is probably sufficient.
Anything without a green tick next to "tamper-resistant smart card" is a software implementation with the associated risks (e.g. firmware updates are available[2] - i.e. if you can update the firmware then you've also got a low-level attack vector for miscreants).
Meanwhile all YubiKeys are hardware backed and it has never been possible to update firmware on them.
[1] https://www.nitrokey.com/#comparison
https://github.com/rupor-github/win-gpg-agent/blob/main/docs...
Don’t forget this diagram of all the agents, protocols and bridges you might hit on Windows.