• @[email protected]
    16 hours ago

    Passkeys are FIDO credentials tied to a specific app or website that let you sign in with the same method you use to unlock your device, be that biometrics or a PIN.

    As long as you can remember your phone password, you can log in to your accounts.

    So… What if your phone is stolen or if you wanted to share a login with your partner?

    How do passkeys work then?

    And if a very simple PIN or phone password is all it takes to gain access to your stuff, isn’t it less secure?

  • @[email protected]
    422 hours ago

    Until KeePass supports them I will stick to my 32 or 64 char passwords KeePass generates

    • @[email protected]
      113 hours ago

      If you’re using KeePassXC, it supports them right now. I’m using them on a few websites with the browser extension. Your mileage may vary, of course.

      • @[email protected]
        213 hours ago

        I use KeePassDX on Android as my phone is the device I use most often.

        I do use KeePassXC when I am on the laptop, but that’s really not often

  • FiveMacs
    162 days ago

    Wtf is this… they say password managers aren’t very secure, but then recommend passkeys, which is literally the same thing… But less secure because they rely on biometrics which you can’t ever change, or a PIN which is well… a damn password

    • @[email protected]
      72 days ago

      Anyone who starts off telling you that they’re the most popular and trusted should probably not, in fact, be trusted. Especially if they’re calling for not using password managers. Passkeys are interesting in theory, but my understanding is that most of the implementations are just another way for big tech to track you.

    • @[email protected]
      52 days ago

      Passkey doesn’t require biometrics necessarily. Password managers are adding support for them, so you can use Bitwarden for example, which supports password and a security device combo to log in and use the passkeys. Passkeys should be more secure than passwords in a password manager since it would only allow using it in the proper domain, preventing attacks like opening malicious links in emails or typos when typing a domain manually.

      That said, a lot of the current approaches to passkeys do use biometric / PIN to unlock, so you gotta find what’s right for your OPSEC values.

      All that said, the article seems pretty bad.
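The domain binding mentioned in the comment above, shown from the server side as an added example that is not part of the thread or of any project's code: a WebAuthn relying party checks the origin the browser recorded in `clientDataJSON` and the `rpIdHash` at the start of the authenticator data. The relying party ID `example.com`, the function names and the sample values are assumptions; signature verification over `authenticatorData || SHA-256(clientDataJSON)` is required on a real server and is left out here.

```python
import hashlib
import json

# Assumed relying party configuration for this sketch.
RP_ID = "example.com"
ALLOWED_ORIGINS = {"https://example.com"}


def check_assertion_binding(client_data_json: bytes, authenticator_data: bytes,
                            expected_challenge: str) -> list[str]:
    """Return the list of binding failures; an empty list means all checks passed."""
    errors = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        errors.append("wrong type")
    if client_data.get("challenge") != expected_challenge:
        errors.append("challenge mismatch")
    # The browser, not the page, fills in the origin of the calling site.
    if client_data.get("origin") not in ALLOWED_ORIGINS:
        errors.append("origin mismatch")
    # Layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes) | ...
    if len(authenticator_data) < 37:
        errors.append("authenticator data too short")
        return errors
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        errors.append("rpIdHash mismatch")
    if not authenticator_data[32] & 0x01:  # bit 0 = user present
        errors.append("user presence flag not set")
    return errors


def make_sample(origin: str, rp_id: str, challenge: str) -> tuple[bytes, bytes]:
    """Build a constructed (not captured) assertion payload for the given site."""
    client_data_json = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin}
    ).encode()
    flags = bytes([0x05])  # user present + user verified
    sign_count = (1).to_bytes(4, "big")
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags + sign_count
    return client_data_json, auth_data


if __name__ == "__main__":
    challenge = "Y29uc3RydWN0ZWQtY2hhbGxlbmdl"  # constructed sample value
    for origin, rp_id in [("https://example.com", "example.com"),
                          ("https://examp1e.com", "examp1e.com")]:
        result = check_assertion_binding(*make_sample(origin, rp_id, challenge), challenge)
        print(origin, "->", result or "ok")
```
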

  • @hummingbird
    21 day ago

    Bummer… no mention of the drawbacks whatsoever.