submitted 2 weeks ago by cm0002@lemmy.world to c/memes@lemmy.world
[-] bennypr0fane@discuss.tchncs.de 1 points 2 weeks ago

Passkeys are one exception to the familiar pattern of "we give you more SeCuRiTY so we can spy on you more and control your behaviour better". They actually are more secure. Problem is, a lot of technical issues with it still, a ton of stuff not working correctly yet

[-] Kirk@startrek.website 1 points 2 weeks ago

Uhhh... Can someone ELI18 to me the problem with passkeys? I use them wherever available and find them very convenient.

[-] Katana314@lemmy.world 1 points 2 weeks ago

There's been a lot of pain in the attempt to portray it as "Just click the passkey button, and that's it! Your login is secured for life!"

No - Buddy. It is secured for this one specific device that I have biometric authentication for. What about my computer? What about my other computer that isn't on the same operating system? I have a password manager that stores these things, why didn't you save to that when I registered? Why is it trying to take this shit from my Apple Keychain when it's in Bitwarden?

And, the next ultra-big step: How would a non-techie figure this shit out?

[-] lmmarsano@lemmynsfw.com 1 points 2 weeks ago

For some people it is that easy.

When it is saved to a cross-platform password manager, it is secured on all devices that password manager runs on including your computer on other operating systems. You can also choose other in the OS prompt & redirect to a device with your passkey or use a hardware security key (I don't). If your preferred password manager isn't the primary one on all your devices, then fix that or use the other option mentioned before.

> How would a non-techie figure this shit out?

The same way they figure out passwords & multifactor. Their pain isn't ours for those who've figured this out & have a smooth experience.

[-] recall519@lemm.ee 0 points 2 weeks ago

I just wish Google would stop overriding my passkey on Android for specific apps including their own.

[-] throwback3090@lemmy.nz 0 points 2 weeks ago

You can change the provider to bitwarden.

[-] recall519@lemm.ee 1 points 1 week ago

I do have it overridden but Google Play Services isn't respecting my passkey default.

[-] hemko@lemmy.dbzer0.com 0 points 2 weeks ago

What's wrong with passkeys? I'm in love with passwordless sign-in with yubikey, so much easier and faster than password + totp

[-] deegeese@sopuli.xyz 0 points 2 weeks ago

It’s shitty user experience when forced to dig out my phone to authenticate myself to a site I barely give half a shit about.

Like I wouldn’t even have an account if it wasn’t forced, and now you assholes want my phone too?

[-] hemko@lemmy.dbzer0.com 0 points 2 weeks ago

I think you're describing SMS passcode, totp or other such factors.

Passcode doesn't require phone necessarily, but you can use it too

[-] Kusimulkku@lemm.ee 0 points 2 weeks ago* (last edited 2 weeks ago)

A lot of the stuff that has implemented passkeys so far are on mobile. And I mean the apps serving them out, not things you authenticate to.

[-] 4am@lemm.ee 0 points 2 weeks ago

BitWarden has a desktop extension and it also handles 2FA. No reason to be using a password, which is way less secure and can be extracted from a website DB via a hack.

[-] Kusimulkku@lemm.ee 0 points 2 weeks ago

Doesn't the 2FA protect users still, if they only got the password?

[-] perfectly_boiled_pizza@lemmy.world 1 points 2 weeks ago* (last edited 1 week ago)

In practice, yes. IF IMPLEMENTED PROPERLY it would be extremely unlikely for an attacker to get in.

For example with a proper implementation of TOTP it would require an attacker to guess the correct number between 0 and 999999 in less than half a minute. Most services make you wait a little bit (often less than humans notice) between attempts and don't allow infinite attempts, so an attacker would have to be unimaginably lucky.

There are sadly lots of huge companies that DON'T IMPLEMENT 2FA PROPERLY. Sony Entertainment (account for PlayStation) for example. So a unique and long password is still important.
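As an illustration of the TOTP point in the comment above (an added example, not part of the thread or any commenter's code): a minimal RFC 6238 verifier with a failure cap and single-use codes, plus the odds a guesser faces. The `Verifier` class, the `MAX_FAILURES` threshold and the `guess_success` helper are assumptions made for this sketch.

```python
import hashlib
import hmac
import struct

STEP = 30         # seconds per code window (RFC 6238 default)
DIGITS = 6        # codes run from 000000 to 999999
MAX_FAILURES = 5  # assumed lockout threshold, not taken from the thread

def totp(secret: bytes, now: int) -> str:
    """RFC 6238 code: HMAC-SHA1 over the window counter, RFC 4226 truncation."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10**DIGITS).zfill(DIGITS)

class Verifier:
    """Hypothetical server-side check: failure cap plus single-use codes."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.failures = 0
        self.last_window = -1

    def verify(self, code: str, now: int) -> str:
        if self.failures >= MAX_FAILURES:
            return "locked"  # stays locked until reset out of band
        expected = totp(self.secret, now)
        if not hmac.compare_digest(code.encode(), expected.encode()):
            self.failures += 1
            return "rejected"
        window = now // STEP
        if window <= self.last_window:
            return "replayed"  # a code is accepted only once per window
        self.failures, self.last_window = 0, window
        return "accepted"

def guess_success(attempts: int) -> float:
    """Chance that `attempts` distinct guesses in one window hit the code."""
    return min(attempts, 10**DIGITS) / 10**DIGITS

# Constructed demo input: the published RFC 6238 test secret at T=59.
SECRET = b"12345678901234567890"
if __name__ == "__main__":
    v = Verifier(SECRET)
    print(v.verify(totp(SECRET, 59), 59), v.verify(totp(SECRET, 59), 59))
    for _ in range(MAX_FAILURES):
        v.verify("000000", 59)
    print(v.verify(totp(SECRET, 59), 59))  # locked despite the right code
    print(guess_success(MAX_FAILURES), guess_success(30_000))
```

With the cap in place a guesser gets 5 tries in a million per lockout; the 30,000 figure is a constructed stand-in for a verifier with no attempt limit.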

[-] Quexotic@infosec.pub 0 points 2 weeks ago

Has this energy...

[-] SleafordMod@feddit.uk 0 points 2 weeks ago

I have no idea what a passkey is and I will probably only learn what it is when they become mandatory

I will just use passwords + 2FA for the moment

[-] bradboimler@lemmy.world 0 points 2 weeks ago

[-] SleafordMod@feddit.uk 1 points 1 week ago

I see, thanks. It mentions biometrics on that page. Maybe if my next laptop has a fingerprint reader then I should look into passkeys more.

[-] bradboimler@lemmy.world 1 points 1 week ago

I don't use the biometric authentication on my laptop and am able to complete the demo on it. Chrome asks me for a PIN that I save and provide when it asks on my laptop. I don't think biometrics are a requirement for passkeys.

[-] SleafordMod@feddit.uk 1 points 1 week ago

Ah okay. Maybe I will just stick with a password + 2FA for now though. I'm sure I will eventually learn more about passkeys when I make the effort to read more about them.

[-] jj4211@lemmy.world 0 points 2 weeks ago

Passkey is essentially a branding of webauthn. Instead of typing some code that changes, you just do something with some sort of device or key manager.

Plug in a yubikey and touch the button to authenticate. Easier.

[-] SleafordMod@feddit.uk 1 points 1 week ago

Interesting thanks. I will probably just stick with passwords + 2FA for the moment because I'm lazy. It would be cool to have something like a hardware key though.

[-] tabularasa@lemmy.ca 0 points 2 weeks ago

The amount of people in this thread that don't understand passkeys surprises me. This is Lemmy. Aren't we the technical Linux nerds of the Internet?

[-] airportline@lemm.ee 1 points 2 weeks ago* (last edited 2 weeks ago)

brb opening a feature request for passkeys in Lemmy

edit: nevermind

[-] Maggoty@lemmy.world 0 points 2 weeks ago

2FA is just dead simple. I contact you, you contact me, handshake achieved. If you call me out of the blue I raise the alarm. If you get a login attempt with a failed handshake you raise the alarm.

Putting it all behind a pop up screen just isn't trustworthy to the human brain.

[-] lmmarsano@lemmynsfw.com 1 points 2 weeks ago* (last edited 1 week ago)

Passkey is multifactor: something the user has (key), something the user is (biometric) or knows (password) to unlock the key. Yes, dead simple.

this post was submitted on 28 Feb 2025