A new login technique is becoming available in 2023: the passkey. The passkey promises to solve phishing and prevent password reuse. But lots of smart and security-oriented folks are confused about what exactly a passkey is. There’s a good reason for that. A passkey is in some sense one of two (or three) different things, depending on how it’s stored.
    • Snot FlickermanEnglish
      501 year ago

      Except passkeys are an Open Authentication standard from the FIDO alliance. Soooooo, not from a corporation.

      https://fidoalliance.org/passkeys/

      You can use passkeys in KeePassXC, if I understand correctly.

      They are the equivalent of using a hardware key like YubiKey or SoloKey, except the passkey is stored on your phone/PC instead of a USB thumbstick.

      • @umbrella@lemmy.ml
        -411 year ago

        still no reason to trust google with this.

        they have hijacked and dominated open source software quite a bit in the past.

        • Snot FlickermanEnglish
          641 year ago

          Except Google was only mentioned in terms of whether or not they support it.

          You’re commenting on an article from the Electronic Frontier Foundation, an organization dedicated to fighting for internet and digital freedoms, about an open standard that has only just begun being implemented widely.

          Look, I hate corpos as much as anyone, but please let’s please tone down the alarmism.

          • @catboss@feddit.de
            131 year ago

            I’d like to thank you for providing context to reactivism based solely on an emotional reaction without doing any research first.

            I am guilty of that as well, but you put effort in, explained things and that takes time. Thanks.

    • @jet@hackertalks.comEnglish
      51 year ago

      They are fine, just ssh public private keypairs but for “the web”… worse than fido2… so not really sure why they are being pushed so much above fido2