BitWarden has a desktop extension and it also handles 2FA. No reason to be using a password, which is way less secure and can be extracted from a website DB via a hack.
The passkey is still protected with another factor, such as pin code or biometrics
Like when I login to my account, I put the yubikey to usb port, then browser asks me to unlock it using pin code, then I’ll touch the yubikey to confirm I’m in physical access to it, and only then it allows the authentication
What’s wrong with passkeys? I’m in love with passwordless sign-in with yubikey, so much easier and faster than password + totp
It’s shitty user experience when forced to dig out my phone to authenticate myself to a site I barely give half a shit about.
Like I wouldn’t even have an account if it wasn’t forced, and now you assholes want my phone too?
I think you’re describing SMS passcode, totp or other such factors.
Passcode doesn’t require phone necessarily, but you can use it too
A lot of the stuff that has implemented passkeys so far are on mobile. And I mean the apps serving them out, not things you authenticate to.
BitWarden has a desktop extension and it also handles 2FA. No reason to be using a password, which is way less secure and can be extracted from a website DB via a hack.
Doesn’t the 2FA protect users still, if they only got the password?
In store my passkeys in my password manager, which has a desktop app to access passkeys. What are you using that you have to always use your phone?
Yes, extra security for your personal information is so irritating.
Security for who exactly?
If I don’t even want an account, it’s the “security” of the sites ad targeting data that IDGAF.
I don’t like how there isn’t a nice, cross-platform and secure way to sync my keys. Not all services allow multiple keys to exist at once.
The syncing of keys allows for much greater attack surface.
Its being worked on right now but the standard hasn’t been finalized yet.
Until exporting and syncing keys is properly implemented, passkeys can go kick rocks.
Bitwarden syncs passkeys.
I mean I’m just using my yubikey for the keys, it’s traveling in my pocket everywhere and use it on any platform
Until sites start disallowing youbikeys because it doesn’t make it impossible for you to backup your keys…
What is planned to happen.
Shouldn’t you still need 2fa, and use the passkey as the second auth?
The passkey is still protected with another factor, such as pin code or biometrics
Like when I login to my account, I put the yubikey to usb port, then browser asks me to unlock it using pin code, then I’ll touch the yubikey to confirm I’m in physical access to it, and only then it allows the authentication
In practice this takes about 2 seconds