this post was submitted on 09 Apr 2024
502 points (92.7% liked)

  • Big Tech has implemented passkeys in a way that locks users into their platforms rather than providing universal security
  • Passkeys were developed to replace passwords for better account security, but their rollout by Apple and Google has limited their potential
  • Proton Pass offers passkeys that are universal, easy to use, and available to everyone for improved online security and privacy.
[–] CriticalMiss@lemmy.world 50 points 1 year ago (3 children)

When Vaultwarden supports this I’ll play ball. If I don’t have control over my authentication methods, then they aren’t my authentication methods.

[–] cooopsspace@infosec.pub 8 points 1 year ago* (last edited 1 year ago) (3 children)

Do you really think it's a good idea to store your password, TOTP and pass key in one place?

[–] hydration9806@lemmy.ml 14 points 1 year ago (1 children)

Yes, as long as that place is only accessible by a physical passkey (such as a Yubikey). The risk is minuscule and the convenience is 100% worth it.

[–] cooopsspace@infosec.pub 2 points 1 year ago

I'm actually not sold that I should be putting all my keys in a single password manager like Bitwarden.

[–] DreamlandLividity@lemmy.world 3 points 1 year ago (1 children)

To my bank? No. To a Lemmy account? Yep.

[–] Reddfugee42@lemmy.world 4 points 1 year ago (1 children)

Treating social media accounts as irrelevant is fine as long as none of your real life friends associate with you on the same platform. Once that's the case, scammers can take over your platform and send messages to your friends telling them you're stuck and need money or other sorts of things that sound ridiculous but work all the time.

[–] DreamlandLividity@lemmy.world 2 points 1 year ago

I am not treating them as irrelevant, hence a password manager. But I am not treating it as Fort Knox. Most of my real-life friends probably don't even go that far.

[–] ikidd@lemmy.world 4 points 1 year ago (1 children)

Bitwarden does, not sure about the self-hosted version.

[–] dantheclamman@lemmy.world 2 points 1 year ago

Still waiting for the mobile app. Maybe the Firefox addon would work, but would prefer the app.

[–] bitwolf@lemmy.one 3 points 1 year ago

Vaultwarden has supported pass keys for a while. The client app does all the hard work in this pattern.