• CubitOom@infosec.pub
    arrow-up
    12
    ·
    2 days ago

    What would you propose replace passwords to not be susceptible to those things?

    I personally like how secure and non-intrusive passwords are, especially when using a self-hosted password manager synced with git.

    • 4am@lemm.ee
      arrow-up
      15
      arrow-down
      3
      ·
      2 days ago

      Passkeys are much better. Unlike what FAANG companies want you to believe, they do not have to be tied to a device. Use a password manager that supports them (Bitwarden) and pretty much never get hacked again because of a password. Website doesn’t need to store anything that an attacker can use. No downside.

      • 032 Mendicant Bias@feddit.uk
        arrow-up
        5
        ·
        2 days ago

        Any recommended reading for passkeys to get me up to speed? I use Bitwarden and have been happy enough with just passwords via that for a long time now. The only time I’ve seen passkeys mentioned really was Google trying to push it on me, but I don’t use their password manager.

    • xylogx@lemmy.world
      arrow-up
      7
      ·
      2 days ago

      It is hard to do well, which is why I worry. Google probably has the best overall account security; you could do worse than modeling after them.

      The short answer to your question is Passkeys. But you need a whole system of account recovery around them.

      • CubitOom@infosec.pub
        arrow-up
        1
        arrow-down
        11
        ·
        2 days ago

        Oh, you can easily bypass passkeys with automation. Don’t even need an image recognition model, just a QR-code scanner like zbarimg.

        But I never tried Google's passkey feature since it never seemed as secure as a 48-char computer-generated password. So I’m not sure exactly how it works.