sentientRant

joined 2 weeks ago
sorted by: new top controversial old
Passkeys Explained: The End of Passwords in c/technology@lemmy.world
[–] sentientRant@lemmy.world 3 points 4 days ago

I think Google accounts are made usually for single user and thus passkeys. But may be you can try going to the share Google accounts security and there's an option skip password when possible. Disable it... May be it might work. I'm not sure tough.

Passkeys Explained: The End of Passwords in c/technology@lemmy.world
[–] sentientRant@lemmy.world 3 points 4 days ago

But the third parties actually have no access to your passkeys. The passkey stored are end to end encrypted blobs. So even if anyone gets hold of it, its useless. But a password for instance when leaked from 3rd party can be used easily as the server will have to decrypt the password at one point. So the means to decrypt the password will be at the server but passkeys aren't like that. The private passkey can be decrypted only on your device for signing the challenge. Basically your exposure was basically halved.

Passkeys Explained: The End of Passwords in c/technology@lemmy.world
[–] sentientRant@lemmy.world 4 points 4 days ago (2 children)

Today we use lots of accounts with unique passwords. Obviously these passwords have to be stored somewhere. So I disagree with you when you say it's a unique passkey thing.

Passkey has an advantage when it comes to phishing because it doesn't totally rely on human intelligence or state of mind.

From a personal experience my data was leaked online, not because of phishing or I was careless. but it was leaked from a well known third party site which I used. They were affected by a very serious breach. Many unlike me use the same passwords for their emails and stuffs. But in case of passkeys there isn't a shared secret. A breach will be useless.

Passkeys Explained: The End of Passwords in c/technology@lemmy.world
[–] sentientRant@lemmy.world 2 points 5 days ago (1 children)

Thank you... and Yes you are right... There could be many reasons like greed or could be risk management if you think from both ends of spectrum. It's sad actually they are developed on the same FIDO2 but insists on being seperate which is weird.... Also they feel that regular user wouldn't be able to set up FOSS passkey provider or may be they lose control over encryption if they share with third party.

Passkeys Explained: The End of Passwords in c/technology@lemmy.world
[–] sentientRant@lemmy.world -3 points 5 days ago

You just need to memorise the PIN at max. If your device has biometric recognition you could even use your face scan or fingerprint so even remembering a PIN is not needed in that case.

Passkeys Explained: The End of Passwords in c/technology@lemmy.world
[–] sentientRant@lemmy.world -3 points 5 days ago (2 children)

Even if you are really careful, your details can always be leaked from a company server during a breach. If the companies adopt passkeys, that issue isn't there. Because there isn't a password anyone can randomly use. That's why I feel big tech companies are moving towards it.

Passkeys Explained: The End of Passwords in c/technology@lemmy.world
[–] sentientRant@lemmy.world 7 points 5 days ago (13 children)

Yep... It's as secure as your email. Or they are just leveraging the passkeys on the emails.

280
Passkeys Explained: The End of Passwords (sentientrant.com)
 

Passkeys are built on the FIDO2 standard (CTAP2 + WebAuthn standards). They remove the shared secret, stop phishing at the source, and make credential-stuffing useless.

But adoption is still low, and interoperability between Apple, Google, and Microsoft isn’t seamless.

I broke down how passkeys work, their strengths, and what’s still missing