this post was submitted on 15 Oct 2024
189 points (92.0% liked)

Technology

60394 readers
3330 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 2 years ago
MODERATORS
L3s
enu
technopagan
189
The War on Passwords Is One Step Closer to Being Over (www.wired.com)
submitted 3 months ago by GreenEngineering3475 to c/technology
129 comments fedilink hide all child comments
 

“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 62 points 2 months ago* (last edited 2 months ago) (23 children)

Literally just use a password manager and 2/MFA. It’s not a problem. We have a solution.

[–] [email protected] 43 points 2 months ago (16 children)

Actually, it is still a problem, because passwords are a shared secret between you and the server, which means the server has that secret in some sort of form. With passkeys, the server never has the secret.

[–] [email protected] 9 points 2 months ago (6 children)

Best password manager is offline password manager.

KeepassXC makes a file with the passwords that is encrypted, sharing this file with a server is more secure than letting the server manage your passwords

[–] hikaru755 15 points 2 months ago

This is not at all relevant to the comment you're responding to. Your choice of password manager doesn't change that whatever system you're authenticating against still needs to have at least a hash of your password. That's what passkeys are improving on here

load more comments (5 replies)
load more comments (14 replies)
load more comments (20 replies)