this post was submitted on 14 Feb 2024
263 points (88.8% liked)

Technology

59347 readers
5099 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing... that lives on my phone? What if I lose my phone? What if you steal my phone?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 37 points 9 months ago (17 children)

We shouldn't be getting rid of passwords, or one time passwords, or two factor authentication, or single use codes. The point of security is overlapping features is what brings convenience and deterrence.

[–] [email protected] 23 points 9 months ago (12 children)

It's probably overkill for most people but I would love to have a system that lets me choose what combination of factors together work to login rather than just 'password and something else'. Something like A,B,C are on the account and you can use A+B or B+C to login. It'd be great for those who don't necessarily want to trust SMS-based one-time passwords (due to SIM swapping, theft, etc) if we could require something else along with it.

That said, the way passkeys are typically used satisfy multiple factors at once:

Password to unlock your password database that stores your passkey: something you know, the password + something you have, the database

Biometric to unlock your phone that has your passkey: something you are, fingerprint or face + something you have, the phone

[–] [email protected] 13 points 9 months ago (5 children)

SMS second factor is so bad! The really dumb thing in my opinion is the place that uses SMS to factor the most is banks. Now how dumb is that?

[–] [email protected] 9 points 9 months ago (1 children)

In the EU they have to use something stronger if available. SMS is only used if requested by the user.

[–] [email protected] 5 points 9 months ago

I wish it were that way here in the United States. But sadly, nope.

load more comments (3 replies)
load more comments (9 replies)
load more comments (13 replies)