Posts: 6 · Comments: 1461 · Joined: 3 yr. ago

  • I mean you don’t have to authenticate your passkey with biometrics, you can use a password.

    I guess I’m not really picking up on what the benefit is you’re going for. You already have a What You Have and a What You Know or What You Are, and you want a second What You Also Have thrown in there. I mean, I guess having that as an option couldn’t hurt, but I also don’t think it’s really necessary.

    Passkeys are already more secure than what you’re doing now. If what you’re aiming for is for them to be even more secure than that, then that’s an admirable goal. But as of right now they are worth it just for the fact that they’re more secure than existing solutions.

  • I have to get to those servers through a jump box that requires me to unlock my phone and provide a biometric second factor before it will allow me through.

    That is also the case with passkeys, if you so choose. Though they are functionally similar to your SSH key, they don’t just allow you to utilize the key just by having it loaded onto your device. When you go to use a passkey you need to authenticate your key upon use, and you can do that biometrically. For example let’s say I have a passkey on my phone which is currently unlocked and in use. If somebody runs over and steals the phone from my hand and prevents it from locking, and then attempts to authenticate to a site using my passkey, they won’t be able to.

  • Yes, the author is also suffering from the same misconceptions and doesn’t really understand passkeys beyond the surface level, so he doesn’t know that the problems he has with them don’t exist.

    He then goes on to reason that because passkeys might result in an awkward experience in exactly one extremely niche scenario, you’re better off using passwords in a password manager that are less secure. He then proceeds to suggest the use of email as a second factor as an alternative, which destroys every shred of credibility he had. He also completely misses the fact that putting your passkeys in that very same password manager he himself is suggesting solves the complaints that form over half of his entire argument. It’s super ironic too because the specific password manager that he’s recommending in his own article is a member of the FIDO Alliance and is literally one of the world’s biggest advocates for passkeys.

  • I don’t think that, you said that. It’s the very first sentence of your comment. You literally said that you misunderstood them to be hardware keys.

    And yes, everything else you said is demonstrably false as well. The FIDO Alliance, and even specifically the companies within it that are pushing Passkeys the most, are advocating for them to be cross-platform without any lock-in. 1Password is one of the companies pushing for passkeys; they’re even behind https://passkeys.directory and allow you to securely import and export passkeys so you aren’t locked in. They also made recent changes to the spec itself to make moving and owning passkeys easier. And that’s not even to mention the fact that Passkeys are just a key pair, which doesn’t require any platform or technology to implement that isn’t built into your device.

  • If companies still allowed you to log in via password then any benefit you get from Passkeys would be null and void. In order to implement passkeys properly you have to disable password authentication.

    The thing is, it’s then on you to secure your passkey with biometrics or a password or whatever you prefer. Your phone most likely will use biometrics by default. If you’re on Mac or PC you’ll need to buy a thumbprint scanner or use camera-based Windows Hello / Secure Enclave.

  • Was this reply meant for me? I’m not sure what you’re saying

  • And passkeys don't solve any sort of MFA problem

    They do in fact solve this problem. Passkeys are something you have, and are secured by something you know, or something you are.

    They also solve an age-old problem with passwords, which is that regardless of how complex your password is, it can be compromised in a breach, because you have no say in how a company stores your password. And if that company doesn’t offer 2FA or only offers SMS or email verification, then you’re even more at risk. This problem doesn’t exist with passkeys.

    Edit: lol

  • I thought passkeys were supposed to be a hardware device?

    Did you just admit to not even knowing what a passkey is and then decide to continue to write another two paragraphs passing judgement on them and the motives behind them anyway?

  • You would be less constantly frustrated and depressed if you learned a little bit about security, instead of getting upset about imagined problems with technology you don’t understand.

  • I'm like why is my browser asking to store them? What if I'm using another browser? Why is my password manager fighting with my browser on where to store this passkey?

    The answer to all of these questions is “For the exact same reason they do all these same things with passwords”

    Think of a passkey as a very, very complex password that is stored on your device (or in a password manager) that you can use to log into websites without ever having to know what the password is, and it’s never stored on the site you’re logging into, even in a hashed format, so it literally can’t be exposed in a breach.

    It’s the exact same technology you use to connect securely to every website you visit, except used in reverse.

  • Yes, use a password manager to store your passkeys.

    Passkeys are a solution looking for a problem that hasn't been solved already, and doing it badly.

    You say that and then

    hoping every service they log into with "password123" has its own TFA. And since nearly every site uses shit TFA like a text or email message

    That’s literally a problem passkeys solve and password managers don’t lol

  • I don’t think they’re even building many. The article uses the word “adopt” because they’re kinda reviving old power plants. Three Mile Island being one of them.

  • Passkeys are much simpler to use than passwords, password managers, 2FA etc. If simplicity is your goal, Passkeys are your personal wet dream.

  • ITT: Incredibly non-technical people who don’t have the first clue how Passkeys work but are convinced they’re bad due to imaginary problems that were addressed in this very article.

  • Zero checking. Anyone can register a .io. You can go register one right now in 5 minutes if you wanted.

  • If you block everyone with common sense, you’re going to run out of people to talk to.

  • It’s been proven to be right over and over and over again for literally centuries, across the entire world, to the point that you could set your watch to its inevitability. Any attempt you could possibly make to prove the contrary would be a waste of time for any person living down here on earth.

  • With the rise of private equity, you don’t even have to go public to sell out anymore. So many companies in operation today are empty shells puppeted by private equity firms who buy any company in any industry just to squeeze every last bit of profit out of them before throwing them away.

    Just look at the veterinary industry and the mass disappearance of vet practices owned by the doctors who work there.

  • Well yeah, “Dishwasher safe” is an endorsement. The lack of an endorsement is not an endorsement to the contrary. Something is only “dishwasher unsafe” if it says “Hand wash only”.