Johnny Than
@johnnythan@tuebingen.network
| Option | Voters |
|---|---|
| Yes / Ja | 0 (0%) |
| No / Nein | 0 (0%) |
| What is it? / Was ist das? | 0 (0%) |
#OTP
Johnny Than
@johnnythan@tuebingen.network
| Option | Voters |
|---|---|
| Yes / Ja | 0 (0%) |
| No / Nein | 0 (0%) |
| What is it? / Was ist das? | 0 (0%) |
ruby
@srxl@fedi.foxgirl.engineering
announcing: gleam2nix!
build your gleam applications with nix, and integrate them into your nix-powered workflows! run ci builds with dependency caching, deploy your apps to nixos machines, and take advantage of the wide nix ecosystem in your gleam build process!
check out the documentation at https://gleam2nix.foxgirl.engineering/
source code: https://git.isincredibly.gay/srxl/gleam2nix
#gleam #gleamlang #nix #nixos #erlangotp #otp #beam
Fraser Tweedale
@hackuador@functional.cafe
Fraser Tweedale
@hackuador@functional.cafe
洪 民憙 (Hong Minhee) 
@hongminhee@hollo.social
I'm exploring a new idea called FediOTP (codename): an authentication system that uses #ActivityPub DMs to deliver one-time passwords, allowing any #fediverse account to authenticate with web services. Unlike current solutions that rely on specific APIs (#Mastodon, #Misskey), this would work with any ActivityPub-compatible server, increasing interoperability across the fediverse. Would love to hear your thoughts on potential challenges or use cases for this approach.
洪 民憙 (Hong Minhee)
@hongminhee@hollo.social
I'm exploring a new idea called FediOTP (codename): an authentication system that uses #ActivityPub DMs to deliver one-time passwords, allowing any #fediverse account to authenticate with web services. Unlike current solutions that rely on specific APIs (#Mastodon, #Misskey), this would work with any ActivityPub-compatible server, increasing interoperability across the fediverse. Would love to hear your thoughts on potential challenges or use cases for this approach.
洪 民憙 (Hong Minhee)
@hongminhee@hollo.social
I'm exploring a new idea called FediOTP (codename): an authentication system that uses #ActivityPub DMs to deliver one-time passwords, allowing any #fediverse account to authenticate with web services. Unlike current solutions that rely on specific APIs (#Mastodon, #Misskey), this would work with any ActivityPub-compatible server, increasing interoperability across the fediverse. Would love to hear your thoughts on potential challenges or use cases for this approach.
洪 民憙 (Hong Minhee)
@hongminhee@hollo.social
I'm exploring a new idea called FediOTP (codename): an authentication system that uses #ActivityPub DMs to deliver one-time passwords, allowing any #fediverse account to authenticate with web services. Unlike current solutions that rely on specific APIs (#Mastodon, #Misskey), this would work with any ActivityPub-compatible server, increasing interoperability across the fediverse. Would love to hear your thoughts on potential challenges or use cases for this approach.
洪 民憙 (Hong Minhee)
@hongminhee@hollo.social
I'm exploring a new idea called FediOTP (codename): an authentication system that uses #ActivityPub DMs to deliver one-time passwords, allowing any #fediverse account to authenticate with web services. Unlike current solutions that rely on specific APIs (#Mastodon, #Misskey), this would work with any ActivityPub-compatible server, increasing interoperability across the fediverse. Would love to hear your thoughts on potential challenges or use cases for this approach.
洪 民憙 (Hong Minhee)
@hongminhee@hollo.social
I'm exploring a new idea called FediOTP (codename): an authentication system that uses #ActivityPub DMs to deliver one-time passwords, allowing any #fediverse account to authenticate with web services. Unlike current solutions that rely on specific APIs (#Mastodon, #Misskey), this would work with any ActivityPub-compatible server, increasing interoperability across the fediverse. Would love to hear your thoughts on potential challenges or use cases for this approach.
洪 民憙 (Hong Minhee)
@hongminhee@hollo.social
I'm exploring a new idea called FediOTP (codename): an authentication system that uses #ActivityPub DMs to deliver one-time passwords, allowing any #fediverse account to authenticate with web services. Unlike current solutions that rely on specific APIs (#Mastodon, #Misskey), this would work with any ActivityPub-compatible server, increasing interoperability across the fediverse. Would love to hear your thoughts on potential challenges or use cases for this approach.
洪 民憙 (Hong Minhee)
@hongminhee@hollo.social
I'm exploring a new idea called FediOTP (codename): an authentication system that uses #ActivityPub DMs to deliver one-time passwords, allowing any #fediverse account to authenticate with web services. Unlike current solutions that rely on specific APIs (#Mastodon, #Misskey), this would work with any ActivityPub-compatible server, increasing interoperability across the fediverse. Would love to hear your thoughts on potential challenges or use cases for this approach.
洪 民憙 (Hong Minhee)
@hongminhee@hollo.social
I'm exploring a new idea called FediOTP (codename): an authentication system that uses #ActivityPub DMs to deliver one-time passwords, allowing any #fediverse account to authenticate with web services. Unlike current solutions that rely on specific APIs (#Mastodon, #Misskey), this would work with any ActivityPub-compatible server, increasing interoperability across the fediverse. Would love to hear your thoughts on potential challenges or use cases for this approach.
洪 民憙 (Hong Minhee)
@hongminhee@hollo.social
I'm exploring a new idea called FediOTP (codename): an authentication system that uses #ActivityPub DMs to deliver one-time passwords, allowing any #fediverse account to authenticate with web services. Unlike current solutions that rely on specific APIs (#Mastodon, #Misskey), this would work with any ActivityPub-compatible server, increasing interoperability across the fediverse. Would love to hear your thoughts on potential challenges or use cases for this approach.
洪 民憙 (Hong Minhee)
@hongminhee@hollo.social · Reply to 洪 民憙 (Hong Minhee) :nonbinary:'s post
For those skeptical of DMs in #ActivityPub: I'm also considering an alternative verification approach using ActivityPub's Question feature. Instead of sending numeric codes, the system could send a poll with several emoji options, and the user would select the one that matches what's displayed on their login screen. This visual authentication method might offer better security against certain automated attacks while still leveraging federation rather than platform-specific APIs. Would this approach address some of the privacy concerns around DM-based verification?
洪 民憙 (Hong Minhee)
@hongminhee@hollo.social
I'm exploring a new idea called FediOTP (codename): an authentication system that uses #ActivityPub DMs to deliver one-time passwords, allowing any #fediverse account to authenticate with web services. Unlike current solutions that rely on specific APIs (#Mastodon, #Misskey), this would work with any ActivityPub-compatible server, increasing interoperability across the fediverse. Would love to hear your thoughts on potential challenges or use cases for this approach.
洪 民憙 (Hong Minhee)
@hongminhee@hollo.social · Reply to 洪 民憙 (Hong Minhee) :nonbinary:'s post
For those skeptical of DMs in #ActivityPub: I'm also considering an alternative verification approach using ActivityPub's Question feature. Instead of sending numeric codes, the system could send a poll with several emoji options, and the user would select the one that matches what's displayed on their login screen. This visual authentication method might offer better security against certain automated attacks while still leveraging federation rather than platform-specific APIs. Would this approach address some of the privacy concerns around DM-based verification?
洪 民憙 (Hong Minhee)
@hongminhee@hollo.social
I'm exploring a new idea called FediOTP (codename): an authentication system that uses #ActivityPub DMs to deliver one-time passwords, allowing any #fediverse account to authenticate with web services. Unlike current solutions that rely on specific APIs (#Mastodon, #Misskey), this would work with any ActivityPub-compatible server, increasing interoperability across the fediverse. Would love to hear your thoughts on potential challenges or use cases for this approach.
洪 民憙 (Hong Minhee)
@hongminhee@hollo.social
I'm exploring a new idea called FediOTP (codename): an authentication system that uses #ActivityPub DMs to deliver one-time passwords, allowing any #fediverse account to authenticate with web services. Unlike current solutions that rely on specific APIs (#Mastodon, #Misskey), this would work with any ActivityPub-compatible server, increasing interoperability across the fediverse. Would love to hear your thoughts on potential challenges or use cases for this approach.
洪 民憙 (Hong Minhee)
@hongminhee@hollo.social
I'm exploring a new idea called FediOTP (codename): an authentication system that uses #ActivityPub DMs to deliver one-time passwords, allowing any #fediverse account to authenticate with web services. Unlike current solutions that rely on specific APIs (#Mastodon, #Misskey), this would work with any ActivityPub-compatible server, increasing interoperability across the fediverse. Would love to hear your thoughts on potential challenges or use cases for this approach.
Em :official_verified:
@Em0nM4stodon@infosec.exchange
New Privacy Guides article 🔑✨
by me:
If you are using a YubiKey,
you might get in some situations where you need to reset your key to factory default, and/or set up a backup of it on a spare key.
This tutorial will guide you
through each step to reset and back up your YubiKey successfully, with clear instructions and plenty of visual support.
I hope you find it helpful!
https://www.privacyguides.org/articles/2025/03/06/yubikey-reset-and-backup/
#PrivacyGuides #Privacy #Yubico #YubiKey #Security #OTP #OpenPGP #Encryption #MFA
ALT text details
Photo of a YubiKey security key on a table between a MacBook computer and a cellphone.Em :official_verified:
@Em0nM4stodon@infosec.exchange
New Privacy Guides article 🔑✨
by me:
If you are using a YubiKey,
you might get in some situations where you need to reset your key to factory default, and/or set up a backup of it on a spare key.
This tutorial will guide you
through each step to reset and back up your YubiKey successfully, with clear instructions and plenty of visual support.
I hope you find it helpful!
https://www.privacyguides.org/articles/2025/03/06/yubikey-reset-and-backup/
#PrivacyGuides #Privacy #Yubico #YubiKey #Security #OTP #OpenPGP #Encryption #MFA
ALT text details
Photo of a YubiKey security key on a table between a MacBook computer and a cellphone.
Konstantin 
@kpwn@infosec.exchange
🚧 Brute-Forcing One-Time Passwords 🚧
My last two threads discussed the probability of brute-forcing OTPs, how to do it effectively and how to defend against attacks.
Here is an overview of the topics covered:
1. Bernoulli Processes 🧮
https://infosec.exchange/@kpwn/110520985360492457
2. Increasing and Decreasing Probabilities 🤞
https://infosec.exchange/@kpwn/110561329301840527
Here's everything compiled into a blog post 📰
https://kpwn.de/2023/06/brute-forcing-one-time-passwords/
Do you find my content valuable?
🔔 Follow me for more web security content.
🔁 Also, boost this toot to spread the word!
#Infosec #CyberSecurity #BugBounty #Pentesting #Hacking #Passwords #OTP #Authentication