this post was submitted on 16 Oct 2024
180 points (86.6% liked)

Technology

58707 readers
6140 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s
[email protected]
[email protected]
[email protected]
enu
[email protected]
L4s
180
Passwords have problems, but passkeys have more (world.hey.com)
submitted 16 hours ago by [email protected] to c/technology
134 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 6 points 2 hours ago (2 children)

Passkeys are also weirdly complex for the end user too, you can't just share passkey between your devices like you can with a password, there's very little to no documentation about what you do if you lose access to the passkeys too.

[–] vzq 6 points 1 hour ago* (last edited 1 hour ago)

you can't just share passkey between your devices like you can with a password

Either you enroll a system that shares them between devices without the need for special interaction (password manager, iCloud etc) or you enroll each device separately into your account.

You can have more than one passkey for a service. This is a good thing.

[–] Spotlight7573 1 points 1 hour ago (1 children)

you can’t just share passkey between your devices like you can with a password

You would just sign into your password manager or browser on both devices and have access to them?

Additionally, whatever app or service you're storing them in can provide sharing features, like how Apple allows you to share them with groups or via AirDrop.

there’s very little to no documentation about what you do if you lose access to the passkeys too.

If you lose your password, there are recovery options available on almost all accounts. Nothing about passkeys means the normal account recovery processes no longer apply.

[–] [email protected] 1 points 1 hour ago (1 children)

You would just sign into your password manager or browser on both devices and have access to them?

Does it work like that? Everything I see says they're tied to that device.

If you lose your password, there are recovery options available on almost all accounts.

Fair, I guess I've never lost a password because it's just a text string in my PW manager, not some auth process that can fail if things don't work just right.

[–] Spotlight7573 1 points 1 hour ago

Does it work like that? Everything I see says they’re tied to that device.

It depends on what kind you want to use. If you want the most security, you can store them on something like a Yubikey, with it only being on that device and not exportable. If you get a new device, you'll need to add that new device to your accounts. For less security but more convenience, you can have them stored in a password manager that can be synced to some service (self-hosted or in the cloud) or has a database file that can be copied.

Fair, I guess I’ve never lost a password because it’s just a text string in my PW manager, not some auth process that can fail if things don’t work just right.

That's fair. It can be a bit of a mess with different browser, OS, and password manager support and their interactions but it has continued to get better as there is more adoption and development.