Passkey technology is elegant, but it’s most definitely not usable security \ stacker news ~tech

pull down to refresh

Passkey technology is elegant, but it’s most definitely not usable security arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/

591 sats \ 6 comments \ @south_korea_ln 31 Dec 2024 tech

Too many cooks in the kitchen

"Most try to funnel you into a vendor's sync passkey option, and don't make it clear how you can use other things," Brown noted. "Chrome, Apple, Windows, all try to force you to use their synced passkeys by default, and you have to click through prompts to use alternatives."

Are you using passkeys?

Or have you mastered inter platform password managers? If so, which one do you recommend and why?

Or are you still deciding on passwords by hand for each website? Are you worried about password data reaches containing your info?

Or do you only use websites that support lightning authentication?~~

view all related items

214 sats \ 0 replies \ @Bell_curve 31 Dec 2024

Proton for password manager

edit: I forgot to mention I distinguish between financial/bank accounts vs other

I have a passkey for a couple accounts, more for testing and if I like it and if I forget what the key is

21 sats \ 0 replies \ @john_doe 31 Dec 2024

I quite like how GitHub uses passkeys. With a Yubikey, one click and one tap are enough to login. If a pin is setup there can be additionally a dialog to enter it, but it is still quick and user-friendly. To anyone I recommend Bitwarden as I think it is the easiest to use on any device, although I prefer to use KeepassXC with syncthing for sync. I hosted for some time Vaultwarden but I think it would make more sense in a family setting rather than individual. In case of one user I think KeePass is better. For the master password currently I saved it in a hardware wallet but don't yet found a nice way to easily get it on desktop. I use libpam with fido2 on desktop, nice application of Yubikeys. Lightning authentication is nice isn't it!

11 sats \ 0 replies \ @DEADBEEF 31 Dec 2024

Bitwarden works well with Passkeys and that’s what I’ve been using with no issues.

11 sats \ 0 replies \ @022fbc9cef 31 Dec 2024

If you already have a solid password manager, passkeys work well. For people who don't have password managers, passkeys are a trap.

11 sats \ 0 replies \ @cleaningup12 31 Dec 2024

Use proton pass for ease

Only put stuff on there I wouldn't mind terribly if it leaked

Any important stuff offline physical world only

11 sats \ 0 replies \ @SimpleStacker 31 Dec 2024

In April, Son Nguyen Kim, the product lead for the free Proton Pass password manager, penned a post titled Big Tech passkey implementations are a trap. In it, he complained that passkey implementations to date lock users into the platform they created the credential on.

I suspect that "lock users into the platform they created the credential on" is part of the point.

That being said, I'm not using passkeys because I don't fully understand them. Since I don't fully understand them, I always "skip" or "not now" when a site asks me to set up passkeys. I use Bitwarden as a password manager.