291
Google will now make passkeys the default for personal accounts (arstechnica.com)
submitted 1 year ago by Tibert@jlai.lu to c/technology@lemmy.world
192 comments fedilink hide all child comments

Passkey is some sort of specific unique key to a device allowing to use a pin on a device instead of the password. But which won't work on another device.

Now I don't know if that key can be stolen or not, or if it's really more secure or not, as people have really unsecure pins.

you are viewing a single comment's thread
view the rest of the comments
[-] alvvayson@lemmy.world 33 points 1 year ago

It's definitely more secure, since stealing someone's phone is much more difficult to scale up compared to stealing passwords.

[-] Engywuck@lemm.ee 31 points 1 year ago

I don't think that access to your personal data/email/files being dependent on a battery-powered electronic device is a great idea, to be honest.

[-] alvvayson@lemmy.world 2 points 1 year ago

That's why they invented chargers, eh.

But more seriously, there are recovery procedures if you lose a phone with or without a backup and if you are willing to share the keys with a cloud provider, you can also store them there and use them on any of your devices.

Or you can get something like a yubikey if the battery aspect is really that problematic for you.

[-] Engywuck@lemm.ee 12 points 1 year ago

The fact is that I fail to see something obviously wrong with outrageously long/complicated passwords managed by e.g. Bitwarden or the likes.

[-] confusedbytheBasics@lemmy.world 2 points 1 year ago

Long passwords can still be phished. Passkeys cannot. It's a huge upgrade.

[-] Engywuck@lemm.ee -1 points 1 year ago

I don't think so, but whatever.

[-] confusedbytheBasics@lemmy.world 2 points 1 year ago

What do you mean? Do you not believe the anti-phishing features will work as described for a reason?

load more comments (26 replies)
[-] AA5B@lemmy.world 1 points 1 year ago

My understanding of Apple Keychain is that every credential is useable from every device, and can be backed up and restored to a new device. Most importantly Apple doesn’t have access, although we have to trust them on that

[-] ada@lemmy.blahaj.zone 9 points 1 year ago

It's not quite unique to a specific device. You can store your private key in a password manager or something similar, and then access it from other devices

[-] alvvayson@lemmy.world 4 points 1 year ago

Depends on your personal choice. You can definitely limit them to a single, hardeneddevice if you want the highest level of security.

For most users and most situations, a synced solution will be preferable.

[-] V0lD@lemmy.world 4 points 1 year ago

But it becomes much easier if you want to compromise a specific target individual

load more comments (19 replies)
[-] wreckedcarzz@lemmy.world 4 points 1 year ago

Me, at the bank:

Robbers, as they enter the bank: everybody freeze

Me: ah shit

Robbers: everyone give me your phones

Me: aw hell naw

mission impossible style shootout

this post was submitted on 11 Oct 2023
291 points (98.0% liked)

Technology

59598 readers
3602 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world