Forwarded from Telegram Beta
Forwarded from Telegram Beta
Forwarded from Telegram Info English (Sominemo)
Log in to Telegram via Passkeys Without Codes or Phone Numbers
In the future, Telegram plans to introduce authentication via Passkeys. The first signs of this feature have appeared in the Beta version of Telegram for Android 12.2.8.
The key advantage of Passkeys is the ability to log into your account without entering a phone number or a one-time code. This distinguishes it from logging in via email or Google / Apple ID, which serve merely as alternatives to receiving an SMS code.
A “log in using passkey” button has appeared on the app's login screen. Tapping it launches your password manager, which verifies your identity using Face ID, fingerprint, or your screen lock PIN. From it, the messenger receives your signature, which functions as your login, password, and one-time confirmation code all simultaneously.
Much like email login, this new feature will need to be pre-configured in Telegram’s security settings. The key will be saved on the phone where it was created, but it can be synced with other devices via Google Password Manager, iCloud Passwords, or other applications.
Why is this important?
• Reduced reliance on SMS: This makes logging in possible even if you don’t have active sessions and your mobile operator is blocking SMS messages from Telegram.
• Security: The Passkey is stored in a secure enclave of your password manager—it cannot be intercepted or entered on a phishing site.
• Speed: Login is performed with a single touch via biometrics (face or fingerprint). When you switch phones, the Passkey automatically syncs via your password manager using your Google account or Apple ID.
The feature is currently under development and is not yet fully functional. Stay tuned for news about Telegram Beta versions on our Beta Info channel.
#Android #beta #security
In the future, Telegram plans to introduce authentication via Passkeys. The first signs of this feature have appeared in the Beta version of Telegram for Android 12.2.8.
The key advantage of Passkeys is the ability to log into your account without entering a phone number or a one-time code. This distinguishes it from logging in via email or Google / Apple ID, which serve merely as alternatives to receiving an SMS code.
A “log in using passkey” button has appeared on the app's login screen. Tapping it launches your password manager, which verifies your identity using Face ID, fingerprint, or your screen lock PIN. From it, the messenger receives your signature, which functions as your login, password, and one-time confirmation code all simultaneously.
Much like email login, this new feature will need to be pre-configured in Telegram’s security settings. The key will be saved on the phone where it was created, but it can be synced with other devices via Google Password Manager, iCloud Passwords, or other applications.
Why is this important?
• Reduced reliance on SMS: This makes logging in possible even if you don’t have active sessions and your mobile operator is blocking SMS messages from Telegram.
• Security: The Passkey is stored in a secure enclave of your password manager—it cannot be intercepted or entered on a phishing site.
• Speed: Login is performed with a single touch via biometrics (face or fingerprint). When you switch phones, the Passkey automatically syncs via your password manager using your Google account or Apple ID.
The feature is currently under development and is not yet fully functional. Stay tuned for news about Telegram Beta versions on our Beta Info channel.
#Android #beta #security
Forwarded from Telegram Info English (Sominemo)
Passkey Notifications
Adding a crucial behavior that was absent at the launch of the feature, when a new passkey is added to your account, Telegram now sends out a notification to all your signed in devices — just like the one you get when you add a new device.
Previously, the lack of these notifications posed a security threat: attackers could silently add their passkeys to anyone's account.
The notifications will include the following information:
• Passkey provider (for example:🔒 Apple Passwords).
• Device details: app version, phone model, and OS.
• Location from which the passkey was added.
• Instructions for listing active sessions.
Important security considerations
• Also when deleting a passkey, the user will receive a notification to all its signed in devices.
• When all active sessions are terminated via «Settings › Devices», recently created access keys are automatically deleted along with the sessions. A notification about their deletions is sent afterwards.
• It's only possible to add passkeys 24 hours after signing in.
#security #authorization #passkey
Adding a crucial behavior that was absent at the launch of the feature, when a new passkey is added to your account, Telegram now sends out a notification to all your signed in devices — just like the one you get when you add a new device.
Previously, the lack of these notifications posed a security threat: attackers could silently add their passkeys to anyone's account.
The notifications will include the following information:
• Passkey provider (for example:
• Device details: app version, phone model, and OS.
• Location from which the passkey was added.
• Instructions for listing active sessions.
Important security considerations
• Also when deleting a passkey, the user will receive a notification to all its signed in devices.
• When all active sessions are terminated via «Settings › Devices», recently created access keys are automatically deleted along with the sessions. A notification about their deletions is sent afterwards.
• It's only possible to add passkeys 24 hours after signing in.
#security #authorization #passkey
Please open Telegram to view this post
VIEW IN TELEGRAM
Forwarded from Telegram Info English (Sominemo)
Telegram May Warn Chat Partners If You Use an Unofficial Client
A new entry has been discovered in the translation string database for the official Telegram for iOS client, indicating the potential introduction of warnings when a chat partner is using a third-party messenger client.
The appearance of such a notification is likely related to the growing popularity of the Russian third-party client "Telega", which, unlike a regular proxy, sends messages to a Russian company's servers in a way that allows them to be decrypted and read there. Furthermore, Russian companies are legally obligated to store and hand over data to the FSB upon request.
The @tginfo editors assume that Telegram isn't blocking this client directly as a compromise to maintain its position in the Russian market, but is striving to mitigate reputational risks: a single chat participant with an unofficial app is enough to put the remaining users at risk.
It is unknown whether the warning will be displayed when a chat partner uses any alternative client, even one that is officially registered and follows the API ToS, or if the new feature will only affect apps that Telegram deems unreliable. @tginfo editors fear that if the new feature applies to all third-party apps, this warning could turn into visual noise.
#iOS #security
A new entry has been discovered in the translation string database for the official Telegram for iOS client, indicating the potential introduction of warnings when a chat partner is using a third-party messenger client.
"The user uses an unofficial Telegram client – messages to this user may be less secure," reads the string for translation.
The appearance of such a notification is likely related to the growing popularity of the Russian third-party client "Telega", which, unlike a regular proxy, sends messages to a Russian company's servers in a way that allows them to be decrypted and read there. Furthermore, Russian companies are legally obligated to store and hand over data to the FSB upon request.
The @tginfo editors assume that Telegram isn't blocking this client directly as a compromise to maintain its position in the Russian market, but is striving to mitigate reputational risks: a single chat participant with an unofficial app is enough to put the remaining users at risk.
It is unknown whether the warning will be displayed when a chat partner uses any alternative client, even one that is officially registered and follows the API ToS, or if the new feature will only affect apps that Telegram deems unreliable. @tginfo editors fear that if the new feature applies to all third-party apps, this warning could turn into visual noise.
#iOS #security