memes

12865 readers

3075 users here now

Community rules

1. Be civil

No trolling, bigotry or other insulting / annoying behaviour

2. No politics

This is non-politics community. For political memes please go to !politicalmemes@lemmy.world

3. No recent reposts

Check for reposts when posting a meme, you can only repost after 1 month

4. No bots

No bots without the express approval of the mods or the admins

5. No Spam/Ads

No advertisements or spam. This is an instance rule and the only way to live.

A collection of some classic Lemmy memes for your enjoyment

Sister communities

!tenforward@lemmy.world : Star Trek memes, chat and shitposts
!lemmyshitpost@lemmy.world : Lemmy Shitposts, anything and everything goes.
!linuxmemes@lemmy.world : Linux themed memes
!comicstrips@lemmy.world : for those who love comic stories.

founded 2 years ago

MODERATORS

Tenthrow@lemmy.world

The_Picard_Maneuver@lemmy.world

The_Picard_Maneuver@startrek.website

549

Take your passkey and shove it where the sun don't shine (lemmy.world)

submitted 1 week ago by cm0002@lemmy.world to c/memes@lemmy.world

177 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Kusimulkku@lemm.ee 15 points 1 week ago* (last edited 1 week ago) (6 children)

A lot of the stuff that has implemented passkeys so far are on mobile. And I mean the apps serving them out, not things you authenticate to.

[–] 4am@lemm.ee 13 points 1 week ago (4 children)

BitWarden has a desktop extension and it also handles 2FA. No reason to be using a password, which is way less secure and can be extracted from a website DB via a hack.

[–] Kusimulkku@lemm.ee 4 points 1 week ago (3 children)

Doesn't the 2FA protect users still, if they only got the password?

[–] perfectly_boiled_pizza@lemmy.world 3 points 1 week ago* (last edited 1 week ago) (1 children)

In practice, yes. IF IMPLEMENTED PROPERLY it would be extremely unlikely for an attacker to get in.

For example with a proper implementation of TOTP it would require an attacker to guess the correct number between 0 and 999999 in less than half a minute. Most services make you wait a little bit (often less than humans notice) between attempts and don't allow infinite attempts, so an attacker would have to be unimaginably lucky.

There are sadly lots of huge companies that DON'T IMPLEMENT 2FA PROPERLY. Sony Entertainment (account for PlayStation) for example. So a unique and long password is still important.

[–] Natanael@infosec.pub 2 points 1 week ago

TOTP can be phished remotely, passkeys / hardware security keys can't (need to get malware into the users' computer instead)

load more comments (1 replies)

load more comments (2 replies)