For years, the internet has been shrinking. Not in size, not in data, but in ownership. A vast, decentralized network of personal blogs, forums, and independent communities has been corralled into a handful of paved prison yards controlled by a few massive corporations. Every post, every “friend,” every creative work—
It is hard to do well which is why I worry. Google probably has the best overall account security, you could fo worse than modeling after them.
The short answer to your question is Passkeys. But you need a whole system of account recovery around them.
Oh, you can easily bypass passkeys with automation. Don’t even need an image recognition model, just a QR-code scanner like
zbarimg.But i never tried googles passkey feature since it never seemed as secure as a 48 char computer generated password. So I’m not sure exactly how it works.
Go read the FIDO threat model if you want to understand how it protects against specific attacks. It is pretty secure.
https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html
That’s a pretty wild claim. It almost sounds like you don’t know what a passkey is. Explain.
Oh I don’t know what it is, sorry I thought I made that clear. But a quick search on the internet said it was basically 2fa with a qr code and since the issue was how it would protect Lemmy from bots I just thought it wouldn’t be hard for a bot to read a qr code.