291

Google will now make passkeys the default for personal accounts (arstechnica.com)

submitted 11 months ago by Tibert@jlai.lu to c/technology@lemmy.world

192 comments fedilink hide all child comments

Passkey is some sort of specific unique key to a device allowing to use a pin on a device instead of the password. But which won't work on another device.

Now I don't know if that key can be stolen or not, or if it's really more secure or not, as people have really unsecure pins.

you are viewing a single comment's thread
view the rest of the comments

[-] alvvayson@lemmy.world 33 points 11 months ago

It's definitely more secure, since stealing someone's phone is much more difficult to scale up compared to stealing passwords.

[-] Engywuck@lemm.ee 31 points 11 months ago

I don't think that access to your personal data/email/files being dependent on a battery-powered electronic device is a great idea, to be honest.

[-] alvvayson@lemmy.world 2 points 11 months ago

That's why they invented chargers, eh.

But more seriously, there are recovery procedures if you lose a phone with or without a backup and if you are willing to share the keys with a cloud provider, you can also store them there and use them on any of your devices.

Or you can get something like a yubikey if the battery aspect is really that problematic for you.

[-] Engywuck@lemm.ee 12 points 11 months ago

The fact is that I fail to see something obviously wrong with outrageously long/complicated passwords managed by e.g. Bitwarden or the likes.

[-] confusedbytheBasics@lemmy.world 2 points 11 months ago

Long passwords can still be phished. Passkeys cannot. It's a huge upgrade.

[-] Engywuck@lemm.ee -1 points 11 months ago

I don't think so, but whatever.

[-] confusedbytheBasics@lemmy.world 2 points 11 months ago

What do you mean? Do you not believe the anti-phishing features will work as described for a reason?

load more comments (26 replies)

[-] AA5B@lemmy.world 1 points 11 months ago

My understanding of Apple Keychain is that every credential is useable from every device, and can be backed up and restored to a new device. Most importantly Apple doesn’t have access, although we have to trust them on that

[-] ada@lemmy.blahaj.zone 9 points 11 months ago

It's not quite unique to a specific device. You can store your private key in a password manager or something similar, and then access it from other devices

[-] alvvayson@lemmy.world 4 points 11 months ago

Depends on your personal choice. You can definitely limit them to a single, hardeneddevice if you want the highest level of security.

For most users and most situations, a synced solution will be preferable.

[-] V0lD@lemmy.world 4 points 11 months ago

But it becomes much easier if you want to compromise a specific target individual

load more comments (19 replies)

[-] wreckedcarzz@lemmy.world 4 points 11 months ago

Me, at the bank:

Robbers, as they enter the bank: everybody freeze

Me: ah shit

Robbers: everyone give me your phones

Me: aw hell naw

mission impossible style shootout

this post was submitted on 11 Oct 2023

291 points (98.0% liked)

Technology

58133 readers

4490 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS