Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.
Very true. The big issue with them is that a lot of popular hardware keys, including the YubiKeys that I have, are limited in the number of passkeys they can store (YubiKey is 25 unique). Luckily password managers are starting to support them, but now you're back to having a strong password + hardware 2FA to store those passkeys anyway.
I do like TOTP or just hardware 2FA as a backup for my passkeys. What I really can't stand is sites that only offer SMS as 2FA; it makes me angrier than it probably should.