this post was submitted on 04 Dec 2023
111 points (100.0% liked)

the_dunk_tank

15910 readers
19 users here now

It's the dunk tank.

This is where you come to post big-brained hot takes by chuds, libs, or even fellow leftists, and tear them to itty-bitty pieces with precision dunkstrikes.

Rule 1: All posts must include links to the subject matter, and no identifying information should be redacted.

Rule 2: If your source is a reactionary website, please use archive.is instead of linking directly.

Rule 3: No sectarianism.

Rule 4: TERF/SWERFs Not Welcome

Rule 5: No ableism of any kind (that includes stuff like libt*rd)

Rule 6: Do not post fellow hexbears.

Rule 7: Do not individually target other instances' admins or moderators.

Rule 8: The subject of a post cannot be low hanging fruit, that is comments/posts made by a private person that have low amount of upvotes/likes/views. Comments/Posts made on other instances that are accessible from hexbear are an exception to this. Posts that do not meet this requirement can be posted to [email protected]

Rule 9: if you post ironic rage bait im going to make a personal visit to your house to make sure you never make this mistake again

founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 37 points 11 months ago* (last edited 11 months ago) (1 children)

Every 'passwordless' solution to passwords always ends up being the informational equivalent of 'passwords, but the method is changed'. Biometrics are just a once-in-a-lifetime password that's entered differently, password managers are just all your passwords, but behind one big password.

Even 2FA is just "password you know" and "password your device knows".

Not saying these solutions don't have value, but to say passwords are outdated is a bit silly.

[–] [email protected] 3 points 11 months ago* (last edited 11 months ago) (1 children)

USB/NFC hardware keys are pretty good though, they are just the current form of smartcard hardware keys that have been around since the late 1990s for high security environments. If you worked for certain federal agencies or private sector companies, you might have used them. They are old technology at this point that has more recently been introduced into the consumer space as platforms and companies face backlash for constantly having security breaches.

[–] [email protected] 2 points 11 months ago* (last edited 11 months ago)

I have used them (coincidentally, with Okta), and they are pretty neat! I actually choose to use them instead of a smartphone app where I can, because it's much faster to use. I'd recommend them to companies as a good measure.

They are still effectively 2FA where it's just a lot harder to work out the proprietary system with which the password is encoded. So it is a sort of a 'security by obscurity', but the likelihood of someone going through all the work to disassemble your key and work it out with you noticing / before the key gets invalidated is pretty low, so unless you're protecting something super-duper high value (and assuming the manufacturer hasn't screwed up too badly), they'll do a good job.