• FiveMacs@lemmy.ca
    ↑ 18 · 8 months ago

    Wtf is this… they say password managers aren’t very secure, but then recommend Passkeys, which are literally the same thing… but less secure, because they rely on biometrics, which you can’t ever change, or a PIN, which is, well… a damn password.

    • boatswain@infosec.pub
      ↑ 9 · 8 months ago

      Anyone who starts off telling you that they’re the most popular and trusted should probably not, in fact, be trusted. Especially if they’re calling for not using password managers. Passkeys are interesting in theory, but my understanding is that most of the implementations are just another way for big tech to track you.

    • seang96@spgrn.com
      ↑ 6 · 8 months ago

      Passkeys don’t necessarily require biometrics. Password managers are adding support for them, so you can use Bitwarden, for example, which supports a password and security device combo to log in and use the passkeys. Passkeys should be more secure than passwords in a password manager, since they would only allow use on the proper domain, preventing attacks like opening malicious links in emails or typos when typing a domain manually.

      That said, a lot of the current approaches to passkeys do use biometrics / a PIN to unlock, so you gotta find what’s right for your OPSEC values.

      All that said, the article seems pretty bad.
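The domain binding described in the comment above, as an added illustration (not code from this thread or from any passkey product): the relying party checks that the origin in clientDataJSON and the rpIdHash in authenticatorData match the site the credential was registered for, so an assertion relayed from a lookalike domain is refused. The RP ID, origins and sample data are constructed for the example; verification of the signature, which covers both fields, is left out.

```python
import base64
import hashlib
import json

# Constructed example relying party (RP); not a real site's configuration.
EXPECTED_RP_ID = "example.com"
ALLOWED_ORIGINS = {"https://example.com", "https://login.example.com"}


def rp_id_hash(rp_id: str) -> bytes:
    """authenticatorData starts with SHA-256 of the RP ID the credential was made for."""
    return hashlib.sha256(rp_id.encode("ascii")).digest()


def make_authenticator_data(rp_id: str) -> bytes:
    """Minimal authenticatorData: rpIdHash(32) | flags(1) | signCount(4)."""
    flags = 0x05  # UP (user present) and UV (user verified) bits
    return rp_id_hash(rp_id) + bytes([flags]) + (0).to_bytes(4, "big")


def make_client_data(origin: str, challenge: bytes) -> bytes:
    """What the browser serialises as clientDataJSON for a sign-in (get) ceremony."""
    b64 = base64.urlsafe_b64encode(challenge).rstrip(b"=").decode()
    return json.dumps({"type": "webauthn.get", "challenge": b64, "origin": origin}).encode()


def verify_binding(client_data_json: bytes, auth_data: bytes, expected_challenge: bytes):
    """RP-side checks made before the signature is examined.

    Returns (ok, reason). The browser only offers a passkey on the origin it
    belongs to, and the RP independently refuses any other origin or RP ID, so
    a phishing page on a typo domain cannot reuse the credential.
    """
    try:
        cd = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not valid JSON"
    if cd.get("type") != "webauthn.get":
        return False, "unexpected ceremony type"
    sent = base64.urlsafe_b64encode(expected_challenge).rstrip(b"=").decode()
    if cd.get("challenge") != sent:
        return False, "challenge mismatch (replay or wrong session)"
    if cd.get("origin") not in ALLOWED_ORIGINS:
        return False, f"origin {cd.get('origin')!r} is not this RP"
    if len(auth_data) < 37 or auth_data[:32] != rp_id_hash(EXPECTED_RP_ID):
        return False, "rpIdHash does not match the expected RP ID"
    if not auth_data[32] & 0x01:
        return False, "user-presence flag not set"
    return True, "origin and RP ID bound correctly"
```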

  • Showroom7561@lemmy.ca
    ↑ 1 · 8 months ago

    Passkeys are FIDO credentials tied to a specific app or website that let you sign in with the same method you use to unlock your device, be that biometrics or a PIN.

    As long as you can remember your phone password, you can log in to your accounts.

    So… What if your phone is stolen or if you wanted to share a login with your partner?

    How do passkeys work then?

    And if a very simple pin or phone password is all it takes to gain access to your stuff, isn’t it less secure?