this post was submitted on 16 Oct 2024
226 points (86.2% liked)

Technology

58713 readers
3995 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
226
Passwords have problems, but passkeys have more (world.hey.com)
submitted 1 day ago by exu@feditown.com to c/technology@lemmy.world
167 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Valmond@lemmy.world 2 points 19 hours ago (3 children)

So one password to access them all basically?

That's quite a weakness.

[–] johannesvanderwhales@lemmy.world 4 points 19 hours ago

It''s really up to the end device (and the user of said device) to decide how much security to put around the local keys. But importantly, it also requires access to the device the passkeys are stored on which is a second factor. And notably many of the implementations of it require biometrics to unlock.

The "one password" thing is also true of password managers, of course. One thing about having one master passphrase is that if you do not have to remember 50 of them, then you can make that passphrase better then you otherwise might, plus it should be unique, which prevents one of the most common attack vectors.

[–] Spotlight7573@lemmy.world 4 points 19 hours ago (1 children)

So one password to access them all basically?

That's essentially how all password managers work currently though?

[–] Valmond@lemmy.world 1 points 19 hours ago (1 children)

True, I hoped for something better :-/

[–] Spotlight7573@lemmy.world 3 points 19 hours ago

If it makes you feel better, most PINs on modern devices are hardware backed in some way (TPM, secure enclave, etc) and do things like rate limiting. They'll lock out using a PIN if it's entered incorrectly too many times.

[–] beejjorgensen@lemmy.sdf.org 2 points 19 hours ago (1 children)

If you get my master keepass password, you have all my passwords, too.

[–] Valmond@lemmy.world 1 points 19 hours ago (1 children)

As I said to Spotlight7573 yes true, I just hoped for something better.

[–] johannesvanderwhales@lemmy.world 2 points 19 hours ago

If you're paranoid about this, go buy a yubikey and use that to secure your device/access to your passkeys. Being able to secure your own data instead of relying on the admin who may or may not know what they're doing to secure the server is an advantage of passkeys.