YubiKey: "Security Key" vs "Passkey", what actually changes in your login flow

Louis Marquenet

When you set up a YubiKey, you get two main options: register it as a security key, or save a passkey on it. Both are phishing-resistant, both use the same crypto under the hood. So what's the actual difference, and which one should you use? This article breaks down what each mode is, what it does inside your authentication flow, and which setup is the strongest. If you

OSs Security: a free toolkit for hardening your devices

Opsek

The crypto industry has gotten better at auditing code. But the devices the code runs on are still underprotected. A compromised device is the cleanest path to a compromised key. If the device signing transactions or holding seeds hasn't installed its security updates, is sending out data it doesn't need to, has more services running than it actually uses, or was never properly cleaned, none of

Pablo Sabbatella Elected to the Arbitrum Security Council

Opsek

We're proud to share that Opsek's founder, Pablo Sabbatella, has been elected to the Arbitrum Security Council. Pablo is one of the six members chosen by the Arbitrum DAO community in the March 2026 election. The Security Council is a 12-member body elected by the Arbitrum DAO, responsible for managing risk across the Arbitrum ecosystem. In practice, that means making time-sensitive decisions to protect the network:

Opsek’s Pablo Sabbatella is now an ETHSecurity Badge holder

Opsek

TheDAO Fund finished announcing the 200 holders of the ETHSecurity Badge today. Pablo Sabbatella, founder of Opsek, is one of them. The badges are TheDAO Fund's mechanism for deciding how its security endowment gets allocated. Two hundred practitioners, selected over several batches against a public rubric, vote on which projects, teams, and tools receive funding. It's the closest thing Ethereum has produced to a credentialed electorate

THE OPSEC WAKEUP CALL

Pablo Sabbatella

A recap and takeaways of some stuff we talked about some days ago during the "Don't Get Rekt" episode 4 "THE OPSEC WAKEUP CALL" by RektHQ with @officer_secret: DPRK, Operational security, physical security and kidnappings, Bybit, hardware wallets, and more. Current status of web3 security: 99% of stolen funds are not due to smart contract hacks anymore, but Operational security issues, this means

Most common mistakes when configuring password managers

Pablo Sabbatella

This article is not meant to be an exhaustive checklist, but some of the most common mistakes we find when auditing password managers in web3 organizations, and how they can be fixed. For this example we will be focusing on 1Password, but this applies to all password managers.

* Not configuring 2FA as mandatory for users to log in to their 1Password accounts. The password manager is one of the most important

Code is law, but the supply chain is the lawmaker

Security Researcher

How does the software supply chain actually work in modern development? Software development today is layered: your code depends on libraries, those libraries depend on others, your CI system pulls everything automatically, and the final bundle gets shipped to users. In this structure, the “supply chain” in software is not about physical parts, but about the chain of trust in software artifacts, source, builds, and distribution. In crypto ecosystems, where user

