I wrote this blog thingo about what I learned last year trying to secure Congressional campaigns. https://idlewords.com/2019/05/what_i_learned_trying_to_secure_congressional_campaigns.htm …
-
Show this thread
-
UPDATE: I've now heard from five people who are working on an app to fix politics and would like an hour of my time
7 replies 2 retweets 116 likesShow this thread -
This Tweet is unavailable.
-
Replying to @Pinboard
We're not deprecating U2F. We worked with others at the W3C to define a cross-browser API to replace the hacky postMessage thing that's in Chromium. It fully supports U2F authenticators and people should start using it rather than postMessage.
1 reply 1 retweet 19 likes -
In fact, the postMessage interface is now just a wrapper around the W3C standard ("WebAuthn") so sites are already using it, but by going via postMessage they make it harder for other browsers to support.
2 replies 1 retweet 7 likes -
Replying to @agl__
Thank you for the clarification! If existing keys won't have to be re-registered and the transition will be invisible for the few people we badgered into using this stuff, then it is a step forward and I owe you a box of donuts.
1 reply 0 retweets 8 likes -
Replying to @Pinboard
Please just continue the badgering! If you have thoughts about how things could change such that less badgering is required I'd be keen to hear them. (I know that the consumer story for recovery isn't great, for example, but ideas in that space are inchoate. )
1 reply 1 retweet 5 likes -
Replying to @agl__
I think the big missing piece is better documentation for Google users. A short video would work wonders! Make the docs team watch regular people try to obtain and install a security key based on Google's existing documentation.
1 reply 1 retweet 4 likes
Apart from that, sorry for misconstruing your tweet and thank you for the work you do (including the very fun review of hardware keys)
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.