this post was submitted on 14 Feb 2024
263 points (88.8% liked)

Technology

58473 readers
4835 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s
[email protected]
[email protected]
[email protected]
enu
[email protected]
L4s
263
Passkeys might really kill passwords (www.theverge.com)
submitted 7 months ago by [email protected] to c/technology
180 comments fedilink hide all child comments
 

Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing... that lives on my phone? What if I lose my phone? What if you steal my phone?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 28 points 7 months ago (15 children)

Passkeys feel so much more worse. It becomes one central point to lose everything.

[–] Spotlight7573 -1 points 7 months ago (3 children)

If you already have a central point to lose everything in the form of a password manager, is it any worse? What's the difference between a random password stored in your password manager that you don't remember versus a private key stored in your password manager that you're not expected to remember? You've always needed to make backups or have alternative ways to get in (recovery codes, customer support channels, etc), nothing about that has changed when going from passwords to passkeys. When passkeys are supported on sites, there can be no autofill issues (password or TOTP), no password complexity requirements, no worries about how they are hashing them on the server side, no phishing issues, etc. That's an improvement over the system we have now.

And for those that don't have a password manager, they are likely reusing passwords. Passkeys prevent the risk of password reuse and the risk of phishing.

[–] KlavKalashj 8 points 7 months ago (1 children)

I export my passwords from my manager regularly and keep them on paper in a secure place. At worst, it would be massively annoying if the password manager somehow blew up. But you can't hack a paper. On the other hand, like some other person wrote, it's incredibly easy to break your phone screen and then you're screwed until you can fix it.

[–] Spotlight7573 1 points 7 months ago

The person who broke their phone screen wasn't mad about not being able to access the data on it in this case, but rather that they couldn't receive a text message as the second factor to log in to their bank. Having a backup wouldn't have mattered, they couldn't receive the text. Like it or not, having two-factor authentication on accounts is a necessity with the phishing and malware problems out there. Having multiple (secure) factors attached to your account is the best protection against getting locked out.

The breaking of a phone and loss of the data on it can still be protected against by having backups in other locations or offline, like you have.

load more comments (1 replies)
load more comments (12 replies)