this post was submitted on 16 Oct 2024
32 points (80.8% liked)

Technology

34889 readers
134 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 1 month ago* (last edited 1 month ago) (1 children)

edit: I think I’ve misunderstood the point of the article. He is saying passkeys are dangerous for people without password managers, therefore for most people passwords are still better (since most people don't use password managers). It's not so much a problem with passkeys, but the lack of password managers.


Even in the best case scenario, where you're using an iPhone and a Mac that are synced with Keychain Access via iCloud

Surely the better-case scenario would be using a password manager?

The article doesn't address the recommended use-case of passkeys + password manager, which makes it kind of irrelevant.

[–] [email protected] 4 points 1 month ago (2 children)

But that is exactly what he recommends, using a password manager - with one time email authentication for the first login as an extra step, right?

[–] [email protected] 3 points 1 month ago* (last edited 1 month ago)

edit: I think I've misunderstood the point of the article. In a non-obvious (to me at least) way, he is saying passkeys are dangerous for people without password managers, therefore for most people passwords are still better.

[–] [email protected] 2 points 1 month ago

But that is exactly what he recommends, using a password manager - with one time email authentication for the first login as an extra step, right?

Nope.

Using a cross-platform password manager with synced passkeys is different and much more secure than using a password manager with email TOTPs or sign-in links with emails that aren’t end-to-end encrypted.

And password manager adoption is much higher than PGP keyserver adoption, and if you can’t discover someone’s public key you can’t use it to encrypt a message to them, so sending end-to-end encrypted emails with TOTPs/sign-on links isn’t a practical option.

According to Statista, 34% of Americans used password managers in 2023 (a huge increase from 21% in 2022), so it’s not even like the best case scenario is rare.