this post was submitted on 11 Oct 2023
291 points (98.0% liked)

Technology

59374 readers
3586 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
291
Google will now make passkeys the default for personal accounts (arstechnica.com)
submitted 1 year ago by [email protected] to c/[email protected]
190 comments fedilink hide all child comments
 

Passkey is some sort of specific unique key to a device allowing to use a pin on a device instead of the password. But which won't work on another device.

Now I don't know if that key can be stolen or not, or if it's really more secure or not, as people have really unsecure pins.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 161 points 1 year ago (27 children)

Man, the amount of fearmongering and anti-Google rhetoric in this thread makes me sad. Passkeys are almost entirely a good thing and are supported by many big and small companies.

No, it won’t lock you into Google, it’s an open web standard. Google will have an Authenticator, Apple will, and third parties will spring up to support it as well. And there’s no lock in, you can get a new passkey when you want to switch devices or providers.

No, someone who gets access to your device can’t get access to everything if you have basic security hygeine. Secure your passkeys with a secondary password or use biometric authentication.

Yes, it’s almost a straight upgrade to text passwords. They are immune to phishing attacks and other social engineering tricks, and you don’t need to remember long strings of numbers and letters anymore.

Do your research people, sheesh.

[–] [email protected] 60 points 1 year ago (4 children)

This is starting to really get on my nerves, and I feel like discourse on the fediverse is worse; basically the attitude is that if it's not FOSS and self-hosted, it's shite. That attitude is fucking grating for the rest of us.

[–] [email protected] 43 points 1 year ago

The irony is that it's an open standard. There are FOSS implementations you can self-host. Server side, client side, soft token, hard token. Everything.

https://github.com/herrjemand/awesome-webauthn

People on this thread are just really ignorant, even self-proclaimed security experts.

[–] [email protected] 5 points 1 year ago

This and if any business anywhere manages to reache a significant level of success — and has the nerve to charge money for their service — it’s a sign that capitalism doesn’t work and corporations are inherently evil.

I just assume it’s an age thing.

[–] [email protected] 1 points 1 year ago

Big tech have done this to themselves

load more comments (22 replies)