10
Take your passkey and shove it where the sun don't shine
(lemmy.world)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 28 Feb 2025
10 points (100.0% liked)
memes
16308 readers
1073 users here now
Community rules
1. Be civil
No trolling, bigotry or other insulting / annoying behaviour
2. No politics
This is non-politics community. For political memes please go to !politicalmemes@lemmy.world
3. No recent reposts
Check for reposts when posting a meme, you can only repost after 1 month
4. No bots
No bots without the express approval of the mods or the admins
5. No Spam/Ads
No advertisements or spam. This is an instance rule and the only way to live.
A collection of some classic Lemmy memes for your enjoyment
Sister communities
- !tenforward@lemmy.world : Star Trek memes, chat and shitposts
- !lemmyshitpost@lemmy.world : Lemmy Shitposts, anything and everything goes.
- !linuxmemes@lemmy.world : Linux themed memes
- !comicstrips@lemmy.world : for those who love comic stories.
founded 2 years ago
MODERATORS
Passkeys are light years ahead of 2fA in user experience. Why do you dislike them?
Security based on devices is one of the positive innovations of smartphones and perhaps the only area where they've improved over the desktop experience.
I very specifically don't want my security tied to my device. Trying to migrate to new phones, and keeping things synced between a phone, desktop, and laptop is why I long ago moved to a password manager. Now, especially in the phone space, getting passkeys to function fully with a password manager ranges from "pain in the ass" to "not actually possible".
I had a botched phone battery replacement once resulting in the phone getting replaced very unexpectedly. It was a nightmare trying to get everything back together because I stupidly used google authenticator, which is tied to the specific phone it’s on. Not tying it to the device is the way to go.
I didn't consider the friction of integrating it into your existing process because I use a manual password manager. But who is saying you should replace a password manager with passkeys? It was always meant to be a parallel system.
Edit: I just wanted to add that people like you and I who have "solved" our credentials problems are a tiny minority. Passwords are shit. Just because we've grown accustomed to them doesn't change that.
You'll find that nobody has a problem with passkeys specifically. They have a problem with the implementation, and companies forcing passkeys onto users who don't want or need them.
I don't need passkeys because I use a password manager. My threat model requires that I can restore my password manager, all 2FA, and regain full access to all my accounts from anywhere in the world, even if a natural disaster occurs and all my devices are destroyed.
Passkeys and SMS 2FA are a direct threat to my threat model, and I can't help but feel they're designed to further entrench surveillance capitalism, and the invasion of privacy as a prerequisite for security.
Heard of so many people losing their phone. Then they try to log into something and the company (quite often google) says "I don't give a fuck if you know your passwords I'm never letting you log into your account get fucked, don't call I won't answer"
Bitwarden: “I’m literally right here”
Bitwarden+Firefox+Android. That combo doesn't support passkey creation.
Why would I want security based on a device? What security this offers greater than a 64 chars password + 2FA?
TOTP codes can be phished, hardware security keys and passkey can't
I doubt that anyone that doesn't use "password" as a password and who knows what 2FA is could be easily subject to phishing.