Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing… that lives on my phone? What if I lose my phone? What if you steal my phone?

  • @[email protected]
    link
    fedilink
    English
    110 months ago

    There’s no way for the average person to keep up with remembering unique, strong passwords for all the sites that require them.

    Passphrases with a simple formula to make them unique for each site.

    You just have to remember the formula, you get a strong unique password for each site.

    Easy and safe, and doesn’t tie you to a single point of failure like a specific device or a password manager.

    Add two factor authentication on top (with multiple options, of course, otherwise you’ll get locked out once you inevitably lose the second authentication method), and you can even safely use it from third party devices which you don’t want to remember how to access your accounts.

    • @subtext
      link
      English
      2
      edit-2
      10 months ago

      Except if your “formula” is to make your passwords

      Twit-(password)-ter

      …it’ll be exceedingly obvious if someone were able to get your password from Twitter and then credential stuff at any other website. That’s not real security.

      Also a password manager doesn’t have to be a single point of failure. First of all, they have like 3 or 4 points of failure before they actually lose anything, and you can always make an export or go back to a pen and paper password journal if you really want to to make an offline second point of failure.