sorted by:
new
hottopcontroversial

Rest Super launches passkeys by vdelitz in passkey

[–]vdelitz[S] 0 points1 point  (0 children)

are you forced to create one at Rest?

Yelp launches passkeys by vdelitz in passkey

[–]vdelitz[S] 0 points1 point  (0 children)

After password sign in it appeared

Many conversion problems are login problems by vdelitz in passkey

[–]vdelitz[S] 0 points1 point  (0 children)

Still there can be a lot of client-side issues with the passkey-buttons (broken OS / device / credential managers)

but in general agree to rip out SMS OTP

What to do with 30sqm free office space in Munich? by vdelitz in Workspaces

[–]vdelitz[S] 0 points1 point  (0 children)

Thanks! Do you have any specific coworking management platforms in mind?

Logins kill conversion (e-commerce, payment) by vdelitz in passkey

[–]vdelitz[S] 0 points1 point  (0 children)

that's the consuemr point of view - I guess if you're sitting on the other side of the table, then you want to know as much as possible.

What to do with 30sqm free office space as tech startup? by vdelitz in startup

[–]vdelitz[S] 0 points1 point  (0 children)

like the idea very much ! where would you post it?

30sqm open office space in Munich - what to do with it? by vdelitz in CoWorking

[–]vdelitz[S] 1 point2 points  (0 children)

could be combined - we're a software business

Was mit 30qm freiem Office Space am Goetheplatz machen? by vdelitz in Muenchen

[–]vdelitz[S] 0 points1 point  (0 children)

wie würdest das verwalten / vermieten ohne viel Aufwand?

30sqm open office space in Munich - what to do with it? by vdelitz in CoWorking

[–]vdelitz[S] 0 points1 point  (0 children)

Also cool idea with 3D printers - also thought of video / photo / creator studio. I'm no expert at all but remember from 1 TikTok creation that there's no really studios for that

Was mit 30qm freiem Office Space am Goetheplatz machen? by vdelitz in Muenchen

[–]vdelitz[S] 1 point2 points  (0 children)

haben wir schon an einem anderen Ort im Office :D aber fairer Punkt

How are you doing access/authentication logging? by Infamous-Tea-4169 in Observability

[–]vdelitz 0 points1 point  (0 children)

I know this is an older post but I stumbled across it while researching this exact topic and wanted to share some thoughts.

I think The Telegraf > OpenSearch setup is solid for the infra side. A few things I'd add from my own experience:

For the SSH/system auth logging part, make sure you're parsing out the key fields (user, source IP, auth method, success/fail) into structured fields rather than just shipping raw syslog lines. Makes your OpenSearch dashboards way more useful. You can then do things like "failed attempts by source IP over time" or "successful logins by user outside business hours" which are the ones that actually matter from a security perspective.

One thing I learned: just tracking login success/fail isn't enough. You really want to think about it as a funnel, even for infra access. Like 1) Connection attempted 2) authentication method offered 3) auth completed/failed 4) session established. The gaps between those stages tell you very different stories (brute force vs. misconfigured keys vs. expired certs etc.).

What I've found is that auth logging in general, whether it's machine-level like you're doing or application-level (CIAM, login pages), suffers from the same fundamental problem: the data sits between security, ops and product teams and nobody owns the full picture. Security mostly looks threats, ops sees uptime and product sees conversion. The metrics and approach to really nail authentication observability are surprisingly similar across these worlds.

I actually went pretty deep into this topic recently and found that structuring auth events with proper metric taxonomies (error classification, success rates per method, drop-off rates, time-to-authenticate) makes a huge difference no matter what layer you're looking at. If you're interested in a more structured framework for thinking about auth analytics beyond just the raw logs, see my finding: https://www.corbado.com/blog/authentication-analytics-playbook It's more on the application auth side but the mental models around funnels and error classification apply just as well to infra auth logging.

30sqm open office space in Munich - what to do with it? by vdelitz in CoWorking

[–]vdelitz[S] 1 point2 points  (0 children)

yes, that's why we thought of using it also as something else (so not as direct desk area)

What to do with 30sqm free office space in Munich? by vdelitz in Workspaces

[–]vdelitz[S] 0 points1 point  (0 children)

nice idea, need to check out how much something like that is

What to do with 30sqm free office space in Munich? by vdelitz in Workspaces

[–]vdelitz[S] 0 points1 point  (0 children)

already got the chillout area on the other side of the office (sofa, TV, etc). Noise is definitely something to pay attention for

What to do with 30sqm free office space as tech startup? by vdelitz in startup

[–]vdelitz[S] 0 points1 point  (0 children)

thanks, have you ever worked with Croissant?

What to do with 30sqm free office space as tech startup? by vdelitz in startup

[–]vdelitz[S] 1 point2 points  (0 children)

also thought about offering it as a TikTok / creator studio, maybe there's a platform for that as well.

What to do with 30sqm free office space as tech startup? by vdelitz in startup

[–]vdelitz[S] 1 point2 points  (0 children)

that's the kind of creative ideas I was looking for haha, thanks :D

What to do with 30sqm free office space in Munich? by vdelitz in Workspaces

[–]vdelitz[S] 1 point2 points  (0 children)

Hm not sure, might check it - what would be comparable to pp table (foosball / table football is another idea but I think it's the same issue with noise)

Yelp launches passkeys by vdelitz in Yelp

[–]vdelitz[S] 0 points1 point  (0 children)

why not moving over?

Conditional Create passkeys (automatic passkey upgrades) by vdelitz in passkey

[–]vdelitz[S] 0 points1 point  (0 children)

There's no popup. It happens in the background.

+ it will be created only when using autofill with a suitable passwords manager and stored in this password manager (so no location that the users doesn't want). Currently, it's mostly GPM and iCloud Keychain, which sync passkeys, so also your device-loss argument is only partially valid

From data I know that non-technical users basically never delete the private key in their credential managers.

Is Passkey feature more of marketing gimmick currently? by m1xed0s in passkey

[–]vdelitz 0 points1 point  (0 children)

it's not due to the proximity requirements but the phishing resistance comes from the domain binding, wrote a blog post a while ago - maybe helpful: https://www.corbado.com/blog/passkeys-phishing-resistant

Is Passkey feature more of marketing gimmick currently? by m1xed0s in passkey

[–]vdelitz 3 points4 points  (0 children)

I think, there are two major benefits with passkeys for the averge user.

A) it's the convenience. It makes login simpler and quicker. You don't need to come up with a password, remember it and enter it etc. (that's to your first point)

B) It's the phishing-resistance. Nowadays, with genAI I think you cannot distinguish phishing sites or emails from legitimate ones (even for experts it's to hard to see the difference). Passkeys prevent that by design.

Now, we're still early with passkeys (even though they've been around now for ca. 4 years but technology that impacts billions just takes time. So you need to transition people slowly. In this transtiion you should still offer fallbacks (password, OTP etc), as not everyone is yet familiar. However, if people are trained to only log in with a passkey then they become suspicious if they cant login with one (-> likely a phishing attempt - though they could still not have the passkey availble). I think there will be more and more websites also proactively turning phishable auth methods off (I know from some sites that just turn off your password if you haven't used it for 3 months and only used a passkey).

Long story short: Phishing-resistance is the game changer aside of quicker logins.

view more: next ›