Posts: 6 | Comments: 1467 | Joined: 3 yr. ago

  • Oh yeah no problem. The internet is flooded with high level answers that don’t really explain it in any detail.

    I wonder what hassle you’re having? Passkeys should be much less hassle than passwords.

  • Passkeys can’t be lost or stolen in the same way passwords can. They aren’t something you need to learn and are at risk of forgetting, and unlike passwords they never leave your device so they can’t be intercepted, or stolen in a server side data breach. In order for a passkey to be stolen, somebody would need to both steal your phone, and force you at gunpoint to unlock access to the passkey using biometrics.

    So they’re much, much harder to lose or “steal”, and the only way they can be stolen, could similarly be used against you to steal your password.

  • Are sufficiently long passwords susceptible to brute force attacks?

    Yes. Though obviously the odds of success go down the longer and more complex that password.

    Don't passkeys get that feature by just being longer?

    Put simply… no. Passkeys aren’t just “longer passwords” sent to the same place. Unlike passwords, Passkeys aren’t a “shared secret” that you’re sending to the service you’re authenticating to. Passkeys use asymmetric encryption and are neither sent to nor stored on the server you’re authenticating to. Your passkey is a private key stored on your device and secured by biometrics, the paired public key for which lives on the server you created the passkey to authenticate to.

    In a traditional brute force operation, you’re sending guesses to a server that knows your password. If you send the correct guess, you get in. It’s also possible to steal the password from the server and brute force that offline.

    With a passkey on the other hand, the server uses your public key to encrypt a string in a challenge message, this string can only be decrypted by your passkey. You then send a response that’s encrypted by your private key, which can then only be decrypted by the public key on the server. So the thing you’re sending to the server to authenticate isn’t your passkey, and it’s unique every time you log in.

    So could you perform some kind of operation that would technically still be a kind of brute force? Theoretically yeah. But even so you’d be limited to brute forcing against the server, which isn’t very effective even against passwords. However you would not at all be susceptible to offline brute forcing based on the capture of a passkey either in flight by breaking encryption, or by breaching the server, because your passkey never leaves your device.
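An added example, not part of the comment above: a passkey login under WebAuthn is a signature by the device's private key over a fresh server challenge, which the server checks with the stored public key. The Go sketch below models that exchange with Ed25519; the `Device` and `Server` types are hypothetical, and it signs only the bare challenge, whereas real WebAuthn assertions also cover the relying-party ID and client data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Device holds the passkey; the private key never leaves it.
type Device struct{ priv ed25519.PrivateKey }

func NewDevice() (*Device, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{priv: priv}, pub
}

// Respond signs the server's challenge; only this signature is sent back.
func (d *Device) Respond(challenge []byte) []byte { return ed25519.Sign(d.priv, challenge) }

type Server struct {
	Pub     ed25519.PublicKey // all the server stores about the passkey
	pending []byte            // challenge for the login in progress
}

// Challenge issues a fresh random value for a single login attempt.
func (s *Server) Challenge() []byte {
	s.pending = make([]byte, 32)
	if _, err := rand.Read(s.pending); err != nil {
		panic(err)
	}
	return s.pending
}

// Verify checks the signature over the outstanding challenge, then discards it.
func (s *Server) Verify(sig []byte) bool {
	defer func() { s.pending = nil }()
	return s.pending != nil && ed25519.Verify(s.Pub, s.pending, sig)
}

func main() {
	dev, pub := NewDevice()
	srv := &Server{Pub: pub}
	resp := dev.Respond(srv.Challenge())
	fmt.Println("login accepted:", srv.Verify(resp))
	srv.Challenge() // the next login gets a different challenge
	fmt.Println("replayed response accepted:", srv.Verify(resp))
}
```

A captured response is useless for a later login because it was computed over a challenge the server has already discarded, and a breach of the server yields only the public key.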

  • Passkeys are 2FA

  • Yes, passkeys are not brute-forcible, and are phishing resistant.

    Whether or not they provide more security depends on how fully they’re implemented. A service that’s fully implemented them, like PlayStation for example, will remove the password from your account after activating your passkey.

    Some websites have half-assed their implementations where you can use a passkey or a password to log in. In that scenario, your account isn’t really any more secure, it’s just a more convenient way to log in.

  • Honestly they shouldn’t be blue. I don’t say this out of some kind of elitism, I just mean that the different colored chat bubbles are what currently tell you whether you’re using Apple’s E2EE chat function or plain text SMS. RCS would also support encryption, but currently Apple allows you to opt into tighter security controls that hide your iMessage encryption keys even from Apple when your messages are backed up. Your RCS chat partner opens half of the encrypted end to Google’s security policies which you won’t have any control over. So knowing that I’m using RCS when messaging somebody is something I’d want to be aware of.

  • Oh yeah man, I guess you haven’t heard but companies behind AI are investing like, billions of dollars into AI. They’re not doing that so the little guys get some novel use out of it.

  • “At the moment” being the key part of that phrase. All the changes still have to be worked out lol.

  • I think if there’s anything big corporations have learned over the past few years, it’s that PR doesn’t matter all that much.

  • Not the end, the end stage.

  • Also, of course you are thrilled, you’re getting a fat check lol.

  • Given the context I don’t think they meant profitable as “The software makes a profit” but that the acquisition would be profitable given the costs to acquire it. The acquiring company likely has no attachment to the software itself and only sees a bunch of cows (customers) for milking.

  • So your solution to capitalism running its dirty fingers into the domain name system is… enabling corporate style hostile domain takeovers? Good lord no.

  • What damage? You’re all over this thread asserting something that doesn’t seem to have happened.

  • I don’t see any allegations that the company they partnered with was selling out your info. Just that the CEO of that company was involved in other companies that weren’t privacy friendly.

  • You’d put a router with firewall capabilities in place of that cloud on the right. The devices you don’t want to have internet access will be put into a different subnet than your normal home LAN on the left. You’ll then make a “Deny all” rule so that the devices on the right can’t leave their subnet, with the exception of any explicit allow rules that you make.

  • It is not already the case. Without an electoral college, a single voter in North Dakota has effectively no voice at all. In fact, the state’s entire population would mean little more than a rounding error. With no electoral college the cumulative voting power of the entire state is 0.23%. With the electoral college they’re bumped up to over 1%.

    Swing states get to decide national policy far more than other states

    …no? A swing state is just a state that has enough voters from each major party that they could go either way. They don’t have any more power than any other state.

  • It wouldn’t require it. But it makes less than no sense to ditch it while we are still a 50 state union. The entire point of the United States is that you can choose a state to live in with an independent regional government that governs the place where you and your family live and work. A place where you have more control as a voter in how it’s run. Then you have a federal government which can institute needed laws that apply to every state, which is a lot of power over the state you live in. Thus you want each independent state to have a vote in who’s running the country.

    To get rid of the electoral college would mean handing over control of the entire federal government, a government that has the power to overrule laws in your state, to effectively four or five states.