Showing posts from April, 2020

Biometric Authentication

  A decade and a half ago I stood in front of a group of people talking about authentication. Mostly I was there to do a deep technical dive into Windows credential management and authentication, but as usual when I gave that presentation, someone just had to ask what I thought about biometrics.  Biometric authentication - something you are - is a bit of a misnomer. It’s not authentication. It’s identification. You are, quite literally, identifying yourself. You’ll never see a police report say “law enforcement authenticated the criminal using fingerprints left on the scene.” Identity is something you are or something you claim to be. Authentication is how you prove it. If your authentication claim is your identity then you have identified yourself, as opposed to authenticated yourself. However, when we use biometry - the statistical analysis of biological observations - the identification decision is not binary. The evaluation of a biometric identity claim is based on a confidence in

U2F, FIDO2, and Hardware Security Keys

In our journey through possession proofs we have encountered hardware factors of various kinds. HOTP and TOTP are often implemented as hardware devices, and of course, so are Smart Cards. In this post we will look at authenticators that implement the FIDO standards - U2F, WebAuthn, and CTAP2. WebAuthn and CTAP2 are collectively part of the FIDO Alliance's FIDO2 protocol suite. U2F and UAF are older FIDO protocols that are supported under FIDO2. They can all be thought of as being part of the FIDO2 suite of protocols.

To understand these protocols, and their advantages and disadvantages, we need to be familiar with the three fundamental actors:

Relying party (RP) - Also known as the server. This is the service that a user wishes to log into.
Client - This is the application that brokers the authentication from the relying party to the authenticator and eventually the user. Much of the time, this is a web browser, but it could be any application.
Authenticator - This is a thing tha

Solving UseBasicParsing Errors in PowerShell

April 4, 2020

Today I was trying to write some PowerShell scripts against the Okta PowerShell Module and ran into an error that it doesn't look like I was the only one with. The error, abbreviated, was:

    C:\> oktaGetUserByID -userName jesper -Verbose
    ... [Microsoft.PowerShell.Commands.HttpResponseException].
    WARNING: Encountered error, returning limited or empty set
    VERBOSE: This Page returned: 0, we've seen: 0 results so far
    VERBOSE: 0 results returned, i predict an empty page coming up, lets skip it
    VERBOSE: We see no or an invalid next link of: FalsePS

Getting some more details:

    C:\> $Error[0..($Error.count)]
    Unable to find type [Microsoft.PowerShell.Commands.HttpResponseException].
    At C:\<path>1:491 char:38
    + ... .WebException], [Microsoft.PowerShell.Commands.HttpResponseException]
    +                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (Microsoft.Po