• 17 Posts
  • 527 Comments
Joined 2 years ago
Cake day: July 12th, 2024
  • needanke@feddit.orgtoTechnology@lemmy.worldPasskeys Explained: The End of PasswordsEnglish
    122·
    2 months ago

    How do you currently store your passwords? I would also consider that a third party with an adittional atack surface if you are considering the passkey location one.

    Also your argument

    (if you ignore the operating system, web browser, network protocols, etc., but that’s part of using the tech).

    is faulty. That is because passkeys exist in part to mitigate those atack vectors. Mitm, a compromised browser or client, etc. is less of an issue with passkeys. The information transmitted during an authentication can not be reused on another authentication attempt.

    I don’t agree on passkeys complicating things either. For me the authentication-flow is not more complicated then KeePasses autofill.

    Assuming one can be ‘tech savy’ enough to not fall for fishing is bad. There are quite advanced attacks or you might even just be tired one day and do something stupid by accident.

    What’s that now? The weak point is the user’s ability to implement MFA and biometrics? The same users who couldn’t be bothered to create different passwords for different sites?

    You don’t expext the user to ‘implement’ mfa or biometrics. You expect them to use it. And most places where a novice would store passkeys don’t just expect but enforce it. It is also way simpler to set up biometrics on one device compared to keeping with a good password strategy.

Moderates