|
Want to watch Philadelphia play Kansas City? Here's everything you need to stream Sunday's 4:25 p.m. ET game on Fox.
|
RELATED ARTICLES | | |
|
 iOS 26 will be widely released tomorrow, but the new feature that lets you add a digital version of your U.S. passport to Apple's Wallet app is still not available.
|
|
It turns out a lot of people don't understand passkeys.
I learned this after last week's show, when people on our Discord server began chatting about our recap of best practices for online security.
Our group brought up plenty of technical points, being the awesome nerds they are. But as the conversation unfolded, misconceptions cropped up about passkeys and how they work. That surprised me—as did learning more than one of my colleagues doesn't quite get them, either.
I ended up following up on the topic this week, in one of my longest-ever responses during a Q&A segment. I spent a lot of time preparing the breakdown, which covers a very simple overview of asymmetrical public-private encryption keys (aka public-key encryption), then dives into nuances of what passkeys do and don't protect against.
This deeper look got me thinking. Typically, more tech knowledge simplifies problems. You can figure out solutions faster and more efficiently. The familiarity helps you know which details to prioritize and which to disregard.
This instance is a rare occurrence of the opposite—where familiarity breeds a demand for perfection.
One common criticism of passkeys
|
|
As Microsoft revealed tidbits of its post-mortem investigation into a Chinese attack against US government agencies via Microsoft, two details stand out: the company violated its own policy and did not store security keys within a Hardware Security Module (HSM) — and the keys were successfully used by attackers even though they had expired years earlier.
This is simply the latest example of Microsoft quietly cutting corners on cybersecurity and then only telling anyone when it gets caught.
To read this article in full, please click here
|
|
