Projet

Général

Profil

Authentification » Historique » Version 82

Laurent GUERBY, 21/11/2018 08:17

1 1 Laurent GUERBY
{{>toc}}
2 1 Laurent GUERBY
3 1 Laurent GUERBY
h1. Authentification
4 1 Laurent GUERBY
5 25 Laurent GUERBY
h2. Liens
6 25 Laurent GUERBY
7 80 Laurent GUERBY
https://hacks.mozilla.org/2018/10/dweb-identity-for-the-decentralized-web-with-indieauth/
8 80 Laurent GUERBY
https://aaronparecki.com/2018/07/07/7/oauth-for-the-open-web
9 80 Laurent GUERBY
https://indieweb.org/How_is_IndieAuth_different_from_OpenID_Connect
10 80 Laurent GUERBY
https://twitter.com/balloob/status/1015740688695250946
11 80 Laurent GUERBY
12 75 Laurent GUERBY
https://krebsonsecurity.com/2018/07/google-security-keys-neutered-employee-phishing/
13 75 Laurent GUERBY
https://tech.slashdot.org/story/18/07/23/1944236/none-of-googles-85000-employees-have-been-phished-in-more-than-a-year-after-company-required-them-to-use-physical-security-keys-for-2fa
14 75 Laurent GUERBY
https://twofactorauth.org/
15 75 Laurent GUERBY
https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/
16 76 Laurent GUERBY
https://blog.mozilla.org/blog/2018/05/09/firefox-gets-down-to-business-and-its-personal/
17 77 Laurent GUERBY
https://hacks.mozilla.org/2018/01/using-hardware-token-based-2fa-with-the-webauthn-api/
18 78 Laurent GUERBY
http://tomu.im/
19 75 Laurent GUERBY
20 82 Laurent GUERBY
https://it.slashdot.org/story/18/11/20/1917253/microsoft-now-lets-you-log-into-outlook-skype-xbox-live-with-no-password
21 82 Laurent GUERBY
22 79 Laurent GUERBY
https://linuxfr.org/news/gnuk-neug-fst-01-entre-cryptographie-et-materiel-libre
23 79 Laurent GUERBY
24 3 Laurent GUERBY
https://en.wikipedia.org/wiki/YubiKey
25 1 Laurent GUERBY
26 66 Laurent GUERBY
https://0day.work/using-a-yubikey-for-gpg-and-ssh/
27 66 Laurent GUERBY
28 54 Laurent GUERBY
https://tech.slashdot.org/story/17/10/01/2130249/google-plans-upgrade-of-two-factor-authentication-for-politicians-and-ceos
29 54 Laurent GUERBY
30 62 Laurent GUERBY
https://www.evilsocket.net/2017/12/07/DIY-Portable-Secrets-Manager-with-a-RPI-Zero-and-the-ARC-Project/
31 62 Laurent GUERBY
32 55 Laurent GUERBY
https://lwn.net/Articles/734767/
33 55 Laurent GUERBY
Strategies for offline PGP key storage
34 55 Laurent GUERBY
35 68 Laurent GUERBY
https://blog.cloudflare.com/how-developers-got-password-security-so-wrong/
36 68 Laurent GUERBY
37 67 Laurent GUERBY
https://www.crowdsupply.com/sutajio-kosagi/tomu
38 67 Laurent GUERBY
39 73 Laurent GUERBY
https://www.tartarefr.eu/remplacer-les-mots-de-passe-par-linsertion-dune-cle-usb/
40 73 Laurent GUERBY
41 60 Laurent GUERBY
https://lwn.net/Articles/736231/
42 60 Laurent GUERBY
A comparison of cryptographic keycards
43 60 Laurent GUERBY
44 69 Laurent GUERBY
https://lwn.net/Articles/750430/
45 69 Laurent GUERBY
Free Nitrokey cryptographic cards for kernel developers
46 69 Laurent GUERBY
47 74 Laurent GUERBY
https://anarc.at/blog/2017-10-26-comparison-cryptographic-keycards/
48 74 Laurent GUERBY
49 72 Laurent GUERBY
https://mozilla-lockbox.github.io/
50 72 Laurent GUERBY
51 70 Laurent GUERBY
https://www.nextinpact.com/news/106385-connexion-securisee-api-webauthn-presque-finalisee-premiere-yubikey-fido2.htm
52 71 Laurent GUERBY
https://linode.com/docs/security/authentication/use-one-time-passwords-for-two-factor-authentication-with-ssh-on-ubuntu-16-04-and-debian-8/
53 71 Laurent GUERBY
https://support.yubico.com/support/solutions/articles/15000006444-losing-your-yubikey
54 70 Laurent GUERBY
55 63 Laurent GUERBY
https://hackaday.com/2017/12/14/using-gmail-with-oauth2-in-linux-and-on-an-esp8266/
56 63 Laurent GUERBY
57 61 Laurent GUERBY
https://www.imperialviolet.org/2017/10/08/securitykeytest.html
58 61 Laurent GUERBY
Testing Security Keys (08 Oct 2017)
59 61 Laurent GUERBY
60 61 Laurent GUERBY
https://github.com/hillbrad/U2FReviews#u2freviews
61 61 Laurent GUERBY
62 65 Laurent GUERBY
https://hackaday.com/2018/01/04/two-factor-authentication-with-the-esp8266/
63 65 Laurent GUERBY
64 56 Laurent GUERBY
https://hackaday.com/2017/10/16/inside-two-factor-authentication-apps
65 56 Laurent GUERBY
66 59 Laurent GUERBY
https://www.nextinpact.com/brief/protonmail-proposera-sa-propre-cle-de-securite-u2f-789.htm
67 59 Laurent GUERBY
68 47 Laurent GUERBY
https://www.crowdsupply.com/nth-dimension/signet
69 48 Laurent GUERBY
$39 kicad design
70 1 Laurent GUERBY
71 64 Laurent GUERBY
https://www.libre-parcours.net/post/comment-je-gere-mes-mots-de-passe/
72 64 Laurent GUERBY
73 57 Laurent GUERBY
https://protonmail.com/blog/encrypted_email_authentication/
74 57 Laurent GUERBY
https://tools.ietf.org/html/rfc2945
75 58 Laurent GUERBY
   The SRP Authentication and Key Exchange System Secure Remote Password (SRP)
76 57 Laurent GUERBY
77 57 Laurent GUERBY
78 48 Laurent GUERBY
https://www.crowdsupply.com/third-pin/pastilda
79 48 Laurent GUERBY
   $50 middle USB in out
80 48 Laurent GUERBY
   pas vraiment de design file dispo ?
81 48 Laurent GUERBY
   https://bitbucket.org/thirdpin_team/pastilda
82 48 Laurent GUERBY
   old https://github.com/thirdpin/pastilda
83 48 Laurent GUERBY
   
84 50 Laurent GUERBY
https://www.ory.am/run-oauth2-server-open-source-api-security.html
85 49 Laurent GUERBY
https://github.com/ory/hydra
86 49 Laurent GUERBY
   Oauth2 high performance
87 48 Laurent GUERBY
88 53 Laurent GUERBY
https://www.owasp.org/index.php/Authentication_Cheat_Sheet
89 53 Laurent GUERBY
  The Open Web Application Security Project
90 53 Laurent GUERBY
91 1 Laurent GUERBY
https://github.com/conorpp/u2f-zero
92 1 Laurent GUERBY
U2F Zero
93 1 Laurent GUERBY
U2F Zero is an open source U2F token for 2 factor authentication. It is implemented securely. It works with Google accounts, Github, Duo, OpenSSH, and anything else supporting U2F.
94 23 Laurent GUERBY
http://hackaday.com/2017/01/17/shmoocon-2017-the-ins-and-outs-of-manufacturing-and-selling-hardware/
95 36 Laurent GUERBY
https://www.u2fzero.com/
96 2 Laurent GUERBY
97 51 Laurent GUERBY
https://plus.google.com/+LaurenWeinstein/posts/avKcX7QmASi
98 51 Laurent GUERBY
Do I really need to bother with Google's 2-Step Verification system? I don't need more hassle and my passwords are pretty good.
99 51 Laurent GUERBY
100 52 Laurent GUERBY
https://lauren.vortex.com/2017/06/10/google-users-who-want-to-use-2-factor-protections-but-dont-understand-how
101 52 Laurent GUERBY
102 52 Laurent GUERBY
103 38 Laurent GUERBY
https://it.slashdot.org/story/17/05/04/218210/google-was-warned-about-this-weeks-mass-phishing-email-attack-six-years-ago
104 39 Laurent GUERBY
https://oauth.net/
105 41 Laurent GUERBY
https://arstechnica.com/security/2017/05/thieves-drain-2fa-protected-bank-accounts-by-abusing-ss7-routing-protocol/
106 38 Laurent GUERBY
107 12 Laurent GUERBY
http://arstechnica.com/security/2016/12/this-low-cost-device-may-be-the-worlds-best-hope-against-account-takeovers/
108 12 Laurent GUERBY
https://en.wikipedia.org/wiki/Universal_2nd_Factor
109 13 Laurent GUERBY
https://it.slashdot.org/story/16/12/24/0037256/u2f-security-keys-may-be-the-worlds-best-hope-against-account-takeovers
110 13 Laurent GUERBY
https://shop.nitrokey.com/shop/product/nitrokey-u2f-5
111 13 Laurent GUERBY
https://homepages.laas.fr/matthieu/talks/token-capitoul.pdf
112 14 Matthieu Herrb
https://github.com/ruimarinho/yubikey-handbook
113 37 Matthieu Herrb
https://research.kudelskisecurity.com/2017/04/28/configuring-yubikey-for-gpg-and-u2f/
114 81 Matthieu Herrb
https://infosec-handbook.eu/blog/yubico-security-key-nitrokey-u2f/
115 12 Laurent GUERBY
116 7 Laurent GUERBY
http://hackaday.com/2016/09/29/taking-a-u2f-hardware-key-from-design-to-production/
117 7 Laurent GUERBY
118 1 Laurent GUERBY
https://m.nextinpact.com/news/102201-clefs-gpg-comment-stocker-et-utiliser-via-clef-usb-openpgp-card.htm
119 30 Guilhem Saurel
https://www.palkeo.com/sys/yubikey.html
120 29 Laurent GUERBY
121 24 Laurent GUERBY
http://www.limpkin.fr/index.php?post/2017/01/13/A-Mass-Programming-Bench-for-ATMega32u4-MCUs
122 40 Laurent GUERBY
123 40 Laurent GUERBY
https://www.themooltipass.com/
124 24 Laurent GUERBY
https://www.indiegogo.com/projects/mooltipass-open-source-offline-password-keeper
125 24 Laurent GUERBY
https://www.kickstarter.com/projects/limpkin/mooltipass-mini-your-passwords-on-the-go
126 24 Laurent GUERBY
127 2 Laurent GUERBY
https://raymii.org/s/articles/Get_Started_With_The_Nitrokey_HSM.html#SSH_Keys_with_the_HSM
128 2 Laurent GUERBY
129 16 Laurent GUERBY
https://media.ccc.de/v/33c3-8314-bootstraping_a_slightly_more_secure_laptop
130 16 Laurent GUERBY
131 15 Laurent GUERBY
https://portier.github.io/
132 15 Laurent GUERBY
133 2 Laurent GUERBY
https://sec2016.rmll.info/programme/#usb-armory
134 2 Laurent GUERBY
https://sec2016.rmll.info//files/
135 1 Laurent GUERBY
https://sec2016.rmll.info//files/20160704-02-Barisani-forging_the_usb_armory.pdf
136 48 Laurent GUERBY
https://www.crowdsupply.com/inverse-path/usb-armory
137 48 Laurent GUERBY
  $130
138 48 Laurent GUERBY
  kicad https://github.com/inversepath/usbarmory/tree/master/hardware
139 4 Laurent GUERBY
140 4 Laurent GUERBY
http://keithp.com/blogs/chaoskey/
141 4 Laurent GUERBY
http://saimei.acc.umu.se/pub/debian-meetings/2016/debconf16/Chaoskey_A_Hardware_Random_Number_Generator_for_Everyone.webm
142 5 Laurent GUERBY
143 5 Laurent GUERBY
http://www.nextinpact.com/news/100871-choisir-bon-mot-passe-regles-a-connaitre-pieges-a-eviter.htm
144 5 Laurent GUERBY
http://www.nextinpact.com/news/96167-u2f-double-authentification-par-clef-usb-se-repand-et-debarque-dans-dropbox.htm
145 6 Laurent GUERBY
https://forum.nextinpact.com/topic/157193-bien-g%C3%A9rer-ses-mots-de-passe/
146 5 Laurent GUERBY
https://fidoalliance.org/
147 18 Laurent GUERBY
https://blog.adafruit.com/2017/01/04/new-product-fido-u2f-security-key-u2f-usb-two-step-authentication-security/
148 19 Laurent GUERBY
https://www.ledgerwallet.com/products/12-ledger-nano-s
149 8 Laurent GUERBY
150 8 Laurent GUERBY
https://www.entrouvert.com/fr/identite-numerique/authentic-2/
151 9 Laurent GUERBY
152 9 Laurent GUERBY
153 9 Laurent GUERBY
https://indico.mathrice.fr/event/27/contribution/13/material/slides/0.pdf
154 9 Laurent GUERBY
Principe de fonctionnement OAuth2
155 10 Laurent GUERBY
156 10 Laurent GUERBY
http://blog.hansenpartnership.com/using-your-tpm-as-a-secure-key-store/
157 10 Laurent GUERBY
https://blog.filippo.io/giving-up-on-long-term-pgp/
158 11 Laurent GUERBY
159 11 Laurent GUERBY
https://www.ledgerwallet.com/products/12-ledger-nano-s 
160 11 Laurent GUERBY
https://github.com/LedgerHQ 
161 11 Laurent GUERBY
https://www.ledgerwallet.com/products/9-ledger-blue
162 17 Laurent GUERBY
163 17 Laurent GUERBY
http://digiposte.fr
164 17 Laurent GUERBY
edf, gdf, impots, assurances en auto via un id (?)
165 17 Laurent GUERBY
tu peux récupérer un zip des dossiers
166 20 Laurent GUERBY
167 20 Laurent GUERBY
168 20 Laurent GUERBY
https://lauren.vortex.com/2017/01/05/biting-the-bullet-its-time-to-require-2-factor-verified-logins
169 21 Laurent GUERBY
https://cloud.google.com/security/security-design/
170 22 Laurent GUERBY
https://github.com/google/key-transparency
171 27 Laurent GUERBY
https://www.facebook.com/notes/facebook-security/security-key-for-safer-logins-with-a-touch/10154125089265766
172 25 Laurent GUERBY
173 28 Laurent GUERBY
https://tech.slashdot.org/story/17/01/30/2023249/facebooks-new-tool-looks-to-replace-traditional-two-factor-authentication
174 28 Laurent GUERBY
https://www.facebook.com/notes/protect-the-graph/improving-account-security-with-delegated-recovery/1833022090271267
175 28 Laurent GUERBY
176 31 Laurent GUERBY
https://keybase.io/blog/keybase-chat
177 31 Laurent GUERBY
178 32 Laurent GUERBY
https://arstechnica.com/gadgets/2017/02/no-key-no-login-g-suite-admins-can-now-make-fido-security-keys-mandatory/
179 32 Laurent GUERBY
180 33 Matthieu Herrb
https://chown.me/blog/my-recent-journey-with-2FA.html
181 33 Matthieu Herrb
182 34 Laurent GUERBY
https://korben.info/keybox-console-centraliser-vos-acces-ssh.html
183 34 Laurent GUERBY
http://sshkeybox.com/
184 34 Laurent GUERBY
185 42 Laurent GUERBY
https://github.com/lipp/login-with
186 42 Laurent GUERBY
187 43 Laurent GUERBY
https://blog.plan99.net/building-account-systems-f790bf5fdbe0
188 43 Laurent GUERBY
https://www.troyhunt.com/passwords-evolved-authentication-guidance-for-the-modern-era/
189 44 Laurent GUERBY
https://www.troyhunt.com/password-managers-dont-have-to-be-perfect-they-just-have-to-be-better-than-not-having-one/
190 45 Laurent GUERBY
https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
191 45 Laurent GUERBY
https://blogs.dropbox.com/tech/2016/09/how-dropbox-securely-stores-your-passwords/
192 46 Laurent GUERBY
https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/
193 43 Laurent GUERBY
194 25 Laurent GUERBY
h2. Passwords
195 25 Laurent GUERBY
196 26 Guilhem Saurel
https://www.passwordstore.org/
197 25 Laurent GUERBY
https://keepassxreboot.github.io/project
198 35 Laurent GUERBY
https://ask.slashdot.org/story/17/03/08/212244/ask-slashdot-should-you-use-password-managers