Just published 15,000+ words on security keys. 🔐📱💻

With SIM attacks at their highest, now is a great time to take a closer look at your online security.

Removing SMS from your two-factor auth is a start, but authenticator apps have downsides too...

https://t.co/Dk0MPJHL2V

Just look at these headlines from recent SIM swap and port attacks.

It's all too established for attackers to find ways to socially engineer control of your phone number and start gaining control of your accounts.

I first talk about some general security tips.
Unfortunately not all websites let you remove your phone number from accounts.

You may consider migrating your phone carrier to @googlefi, which requires email account access to do anything (and can be locked down with security keys and even Advanced Protection).

Beyond SMS, I talk about issues that TOTP authenticator apps (the code generators) have as a form of two-factor auth. They're so, so much better than relying on SMS for your second factor but they still have issues like utilizing shared secrets and lacking phishing prevention.

Enter security keys!

Utilizing public key cryptography they don't have any shared secret between the client and the server. They prevent phishing by taking the website domain into account.

Even if you get tricked by a clone phishing website, your key won't.

Keys have been around for a while under various names and technologies. Recently it was FIDO U2F + CTAP1 but now we have FIDO2 WebAuthn with CTAP2.

It's all very confusing...

Security keys are great for two-factor auth but FIDO2 has a vision for more: support for platform authenticators (like fingerprint readers and other biometrics) as well as being able to use them for "passwordless" authentication. https://t.co/qHI8n8x8m6

But this area is still nascent. Plagued by years of sub-par security key support across browsers. Things have been getting better in recent years with recently updated NFC support on iOS 13 but it's still a waiting game until things are made easier.

Which brings the question.. Why must I carry around an extra device just to be safe online?

You shouldn't. WebAuthn aims to change that.

But for now, security keys—combined with strong online security best practices—are a great way to fortify your regular online activities.

This article was so long (like all of mine) that I took the time to build this little fly-out table of contents browser 🤣

I also went out of my way to design these little security key icons in Figma while I was writing this 😍 cc @Yubico
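
The domain binding described in the thread, as an added example (not code from the thread or the linked article): the checks a WebAuthn relying party runs on an assertion's clientDataJSON and authenticatorData. The domains, challenge and helper names are constructed for illustration, and verification of the signature over authenticatorData || SHA-256(clientDataJSON), which is what stops these fields from being altered, is left out.

```python
import base64
import hashlib
import json

RP_ID = "example.com"                    # assumed relying-party ID
EXPECTED_ORIGIN = "https://example.com"  # assumed legitimate origin


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_assertion(origin: str, rp_id: str, challenge: bytes):
    """Constructed stand-in for what the browser and key produce (unsigned)."""
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": b64url(challenge),
        "origin": origin,            # filled in by the browser, not the page
    }).encode()
    # authenticatorData layout: rpIdHash (32) | flags (1) | signCount (4)
    rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
    auth_data = rp_id_hash + b"\x01" + (7).to_bytes(4, "big")
    return client_data, auth_data


def check_assertion(client_data: bytes, auth_data: bytes, challenge: bytes):
    """Return the names of failed checks; an empty list means all passed."""
    problems = []
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        problems.append("type")
    if cd.get("challenge") != b64url(challenge):
        problems.append("challenge")   # stale or replayed response
    if cd.get("origin") != EXPECTED_ORIGIN:
        problems.append("origin")      # produced on a different site
    if len(auth_data) < 37:
        return problems + ["authData too short"]
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        problems.append("rpIdHash")    # key was asked to sign for another RP
    if not auth_data[32] & 0x01:
        problems.append("user-present flag")
    return problems


if __name__ == "__main__":
    ch = bytes(range(16))  # constructed challenge
    print(check_assertion(*make_assertion(EXPECTED_ORIGIN, RP_ID, ch), ch))
    # Look-alike site (constructed name): both domain-bound fields differ.
    fake = make_assertion("https://examp1e.test", "examp1e.test", ch)
    print(check_assertion(*fake, ch))
```

A TOTP code has no equivalent of the origin or rpIdHash fields, so the server cannot tell which site the user typed it into.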
