Was this reply meant for me? I’m not sure what you’re saying
EncryptKeeper
joined 2 years ago
And passkeys don't solve any sort of MFA problem
They do in fact solve this problem. Passkeys are something you have, and are secured by something you know, or something you are.
They also solve an age-old problem with passwords, which is that regardless of how complex your password is, it can be compromised in a breach. Because you have no say in how a company stores your password. And if that company doesn’t offer 2FA or only offers sms or email verification, then you’re even more at risk. This problem doesn’t exist with passkeys.
Edit: lol
I thought passkeys were supposed to be a hardware device?
Did you just admit to not even knowing what a passkey is and then decide to continue to write another two paragraphs passing judgement on them and the motives behind them anyway?
You would be less constantly frustrated and depressed if you learned a little bit about security, instead of getting upset about imagined problems with technology you don’t understand.
I'm like why is my browser asking to store them? What if I'm using another browser? Why is my password manager fighting with my browser on where to store this passkey?
The answer to all of these questions is “For the exact same reason they do all these same things with passwords”
Think of a passkey as a very, very complex password that is stored on your device (or in a password manager) that you can use to log into websites with without ever having to know what the password is, and it’s never stored on the site you’re logging into, even in a hashed format, so it literally can’t be exposed in a breach.
It’s the exact same technology you use to connect securely to every website you visit, except used in reverse.
Yes, use a password manager to store your passkeys.
Passkeys are a solution looking for a problem that hasn't been solved already, and doing it badly.
You say that and then
hoping every service they log into with "password123" has it's own TFA. And since nearly every site uses shit TFA like a text or email message
That’s literally a problem passkeys solve and password managers don’t lol
I don’t think they’re even building many. The article uses the word “adopt” because they’re kinda reviving old power plants. Three Mile Island being one of them.
Passkeys are much simpler to use than passwords, password managers, 2FA etc. if simplicity is your goal, Passkeys are your personal wet dream.
ITT: Incredibly non-technical people who don’t have the first clue how Passkeys work but are convinced they’re bad due to imaginary problems that were addressed in this very article.
I think the thing to note here is that ISPs roll those things out fully aware that hardly anyone who pays for that will actually USE that amount of data. They don’t want a killer app for it, they just want you to think you need that much data, and then never actually use it. In fact there are some places where regardless of your bandwidth, you have a monthly data allotment. This game represents a shift into super high bandwidth usage for the general non-technical population. If everyone and their mom starts actually using all the bandwidth they pay for, can the ISP deal with that? If you don’t have a monthly data limit, do they start to roll those out to you and your area?
Zero checking. Anyone can register a .io. You can go register one right now in 5 minutes if you wanted.
If companies still allowed you to login via password then any benefit you get from Passkeys would be null and void. In order to implement passkeys properly you have to disable password authentication.
The thing is it’s then on you to secure your passkey with biometrics or a password or whatever you prefer. Your phone most likely will use biometrics by default. If you’re on Mac or PC you’ll need to buy a thumbprint scanner or use camera-based window hello / secure enclave