Tom Scavo

@greenmtnclub FYI: The sign that marks the upper terminus of the Sterling Pond Trail (at the junction with the Long Trail) is missing.

Yubico’s tiny YubiKey has the future of security all locked up @GlennF fastcompany.com/90373145/yubic… < interesting, accurate, and comprehensive summary of #WebAuthn and #FIDO2

Over 90 percent of @Microsoft employees are able to sign in to the network without entering a password microsoft.com/security/blog/…

@greenmtnclub On your Long Trail map (5th edition), Killington View is shown 0.5 km east of Mount Roosevelt but yesterday I took GPS coordinates at Killington View google.com/search?q=44.01… which shows the view is just 200 ft from the peak. No big deal, just FYI.

Passwordless for the Masses #fido2 kuppingercole.com/blog/balagansk…

Send this dose of tough love to any of your IT managers or CISOs that still cling to password complexity despite strong guidance from NIST or others to the contrary (it is so good, OMG): techcommunity.microsoft.com/t5/Azure-Activ…

Announcing the public preview of Azure AD support for FIDO2-based passwordless sign-in @Alex_A_Simons techcommunity.microsoft.com/t5/Azure-Activ… #FIDO2 #WebAuthn @AzureAD < tested with @FEITIAN_Tech, @Yubico, and @HIDGlobal authenticators

#SignInWithApple has become a battleground between @Apple and its competitors 9to5mac.com/2019/06/30/ope… unfortunately, everybody loses, especially users @OpenID #OIDC #SSO #privacy

Navigating Vermont's hiking trails with new app wcax.com/content/news/N… < actually, the app is not new; I started using it last year when the partnership between @greenmtnclub and @AvenzaMaps was first announced #HikeVT

Open Letter from the OpenID Foundation to Apple Regarding Sign In with Apple openid.net/2019/06/27/ope… #Apple #OpenID #Connect

@KariMattsson @Steve_Lockstep @sakuvee74 @Microsoft @FIDOAlliance We are early in the hype cycle en.wikipedia.org/wiki/Hype_cycle At this point, the success of #FIDO2 is very much a matter of expectation and belief.

@Steve_Lockstep @sakuvee74 @Microsoft @FIDOAlliance Believing does not count, sorry. Show us! Where us the support for #FIDO2?

.@Microsoft is a “huge believer in #FIDO2”. @FIDOAlliance #identiverse #passwordless

Climbed Mount Abraham (4006 ft; 1221 m), one of three peaks above the tree line in Vermont, with panoramic views of the White Mountains (NH) to the east, the Adirondack Mountains (NY) to the west, and the Green Mountains (VT) to the north (below) and south. #LongTrail #HikeVT

Draft 08 of OpenID Connect Federation 1.0 has been published #OIDC

From Burrows Trailhead, hiked the Dean Trail and the Allis Trail in Camel's Hump State Park, Vermont. #LongTrail #HikeVT #VT Here's a view of Camel's Hump (4083 ft; 1244 m) from Allis Lookout:

@LoginLlama @conorgil That's an interesting flow: username ==> #U2F ==> password. It prevents brute forcing of both the username and the password, doesn't it?

@conorgil @trscavo Nothing in the spec stops you from doing it, other than needing some sort of userID to look up the credentialID. One example that is close is what Dashlane is doing. They ask for user name then do U2F then ask for a password. The logic is that it stops brute forcing the password

I'm trying to visually represent why #2FA adoption rates are abysmally low and why it is understandable that average internet users do not enable 2FA on their accounts. Working title is "The 2FA Decision Funnel of Death". Thoughts? Feedback?

Getting #2FA Right in 2019 @securityblvd securityboulevard.com/2019/06/gettin… < good comparison of #OATH #TOTP and #WebAuthn

Hiked from Skylight Pond Trailhead to Skylight Pond in the Breadloaf Wilderness in the #GreenMountains of Vermont. Here are photos of Skylight Pond, Skyline Lodge, and a view to the east from the summit of Battell Mountain (3482 ft; 1061 m) on the #LongTrail. #HikeVT #VT

Here's a list of the flora (and butterflies) I photographed on the hike to Harrington's View in Vermont @inaturalist inaturalist.org/observations?o… the yellow birch found along the #LongTrail are quite old, I think #HikeVT

From Harrington's View on the #LongTrail in Vermont, we can see Bolton Mountain (3725 feet; 1135 meters) on the edge of the Mount Mansfield State Forest #HikeVT #VT

Medical Spending in the last 12 months of life US = ~$80K Germany = ~$52K Taiwan = ~$22K Life expectancy ~80y in all three countries. healthaffairs.org/doi/pdf/10.137…

@TokenTwo @conorgil A roaming #FIDO2-certified authenticator (something you have) that supports #CTAP2 necessarily has a pin (something you know). In other words, the authenticator is a multi-factor authenticator. If the pin is disabled, the authenticator can't be used in multi-factor mode.

@trscavo @conorgil Webauthn-only is also a broken one - if the key is lost or stolen - the account is compromised (there are fido2 keys without biometric and pin can be disabled)