Technology

59421 readers

3562 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

[email protected]

291

Google will now make passkeys the default for personal accounts (arstechnica.com)

submitted 1 year ago by [email protected] to c/[email protected]

190 comments fedilink hide all child comments

Passkey is some sort of specific unique key to a device allowing to use a pin on a device instead of the password. But which won't work on another device.

Now I don't know if that key can be stolen or not, or if it's really more secure or not, as people have really unsecure pins.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 1 year ago (10 children)

I may be misunderstanding you, but how does that stop an attacker?

Getting a copy of someone's fingerprint can be done without their knowledge since it is the easiest biometric to accidentally leave behind. Having to restart my phone doesn't suddenly change my fingerprints.

Or, do you have to actually re-register your prints on a daily basis via a different form of authentication? That'd seem inconvenient and like it would just move the problem around

[–] [email protected] 3 points 1 year ago (7 children)

US legal system can compel you to give biometrics, but not password/pin

[–] [email protected] 1 points 1 year ago (6 children)

They won't be able to compel you before the biometric access timer expires.

[–] [email protected] 1 points 1 year ago (1 children)

Tell that to cops at traffic stops

Yes it's a thing

[–] [email protected] 1 points 1 year ago (1 children)

Then you have a nice juicy lawsuit. No legal protection is going to prevent a rogue cop from getting your data. https://xkcd.com/538/

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (1 children)

Good luck in court

https://www.computerworld.com/article/2743684/mich--state-police-confiscate-cell-data-at-traffic-stops--won-t-say-when-or-why.html

https://www.vice.com/en/article/aekqkj/us-state-police-have-spent-millions-on-israeli-phone-cracking-tech-cellebrite

They even brag about it

https://cellebrite.com/en/kansas-investigators-use-advanced-analytics-to-speed-their-work-and-reduce-violent-crime/

https://m.slashdot.org/story/418156

Make sure your devices are up to date

[–] [email protected] 1 points 1 year ago (1 children)

You link to articles about law enforcement hacking phones to get data as a reason not to use biometrics? If they are hacking your device it doesn't matter if you use a password or a fingerprint.

[–] [email protected] 1 points 1 year ago (1 children)

On the contrary, these tools only work when the phone has been unlocked since boot on any modern phone, so you can turn it off or reboot it

[–] [email protected] 1 points 1 year ago

True. In the context of this thread it doesn't matter though.

load more comments (4 replies)

load more comments (6 replies)