this post was submitted on 16 Oct 2024
65 points (100.0% liked)

Technology

37713 readers
680 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 
top 17 comments
sorted by: hot top controversial new old
[–] pglpm@lemmy.ca 18 points 3 weeks ago (1 children)

The current security philosophy almost seems to be: "In order to make it secure, make it difficult to use". This is why I propose to go a step further: "In order to make it secure, just don't make it". The safest account is the one that doesn't exist or that can't be accessed by anyone, including its owner.

[–] bownage@beehaw.org 2 points 3 weeks ago (1 children)

Yeah but then we can't sell you ppu licenses.

[–] pglpm@lemmy.ca 2 points 3 weeks ago
[–] ranandtoldthat@beehaw.org 12 points 3 weeks ago* (last edited 3 weeks ago) (4 children)

I use a password manager with passkey support and still disabled all my passkeys. The user experience for passkeys is so much worse even when support exists.

[–] state_electrician@discuss.tchncs.de 8 points 3 weeks ago (1 children)

Really? I just used a passkey for the very first time with Google and Bitwarden and it worked quite nicely. What about passkeys is worse for you?

[–] ranandtoldthat@beehaw.org 1 points 3 weeks ago

Just answered in a reply to a different comment.

[–] Mihies@programming.dev 3 points 3 weeks ago (1 children)

What's the problem with combination of manager and passkeys?

[–] ranandtoldthat@beehaw.org 1 points 3 weeks ago

Just answered in a different comment.

[–] ericjmorey@beehaw.org 2 points 3 weeks ago (1 children)

I'd like to hear more about the specifics if the issues you ran into. I keep delaying my options to start using passkeys because it's a lot to take in at once and the only services implementing them seem to be the most important ones that I really don't want to experiment with my ability to acess them. I haven't even been looking at the details of each service's implementation.

[–] ranandtoldthat@beehaw.org 2 points 3 weeks ago (1 children)

It's a combination of issues. First is compatibility issues. Like logging in on mobile web or app with a passkey doesn't reliably work for me. It might have been due to the password manager, but for some things the option wasn't even there afaict. If I'm going to really switch to passkeys, I want it to work more reliably.

The second is usability. Passwords in a password manager are a 2 click entry on the username or password form field. Password managers have streamlined this system over the past decade.

Passkeys, ironically, required more steps when pulling from the password manager, including required clicks in less convenient places. I hope these types of issues get ironed out eventually.

[–] Mihies@programming.dev 1 points 3 weeks ago

Yeah, both feels like password manager issues. Which one do you use?

[–] Lem453@lemmy.ca 1 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

How do you login from a device that doesn't have Bitwarden on it if you have passkeys.

For example a friend's computer etc

With a password I can type the 20 or so digits of the password. Can't really be done with a passkey as far as I know

[–] ranandtoldthat@beehaw.org 1 points 3 weeks ago

When I was trying out passkeys, things allowed either passkey or password still. But yes, I think this need partially reduces the security benefit of passkeys.

[–] smeg 2 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

Using a security key as a ~~password manager~~ passkey seems to resolve this issue (I think?), but I guess the issue is more a problem for the casual user who wouldn't bother with a security key!

[–] ericjmorey@beehaw.org 2 points 3 weeks ago (1 children)

Can you elaborate on what it means to use a security key as a password manager? I'm not sure if I understand what you mean.

[–] smeg 2 points 3 weeks ago

Whoops, I meant "passkey", I'll edit my original comment

[–] Boomkop3@reddthat.com 2 points 3 weeks ago* (last edited 3 weeks ago)

Normalize having a usb key on your keychain! Like a yubikey or something