this post was submitted on 17 Sep 2025
1023 points (99.2% liked)

Programmer Humor

[–] umbrella@lemmy.ml 18 points 5 days ago (3 children)

bound to a single device

yay vendor lock in. google or meta password manager salivating.

[–] Zink@programming.dev 21 points 5 days ago

Bitwarden has been working great with me as sites transition to passkeys, even big corporate ones.

But yeah in practice, google and facebook are going to probably dominate because they are the easy + free option.

[–] Metz@lemmy.world 13 points 5 days ago (2 children)

KeePassXC supports passkeys as well.

[–] lime@feddit.nu 4 points 5 days ago* (last edited 5 days ago) (1 children)

thus rendering them redundant, because their strength is being bound to a single physical device. if they're portable, they're as good as asymmetric key pairs.

[–] 4am@lemmy.zip 10 points 5 days ago

Their strength is being half a cryptographic key, not that they’re device bound.

That was a “requirement” that big tech wanted, to force you to be dependent on TPM storage, so you’d be forced to use a Trusted(tm) device and OS. It was made optional after pushback from basically everyone else.

Password managers support Passkeys now. Bitwarden and KeePassX among others.

As long as I trust that my password manager is secure, and as long as I use a strong master password or (better) have a hardware key to unlock it, it is way more secure than a password, and I can still install Linux without losing my logins.

[–] umbrella@lemmy.ml 2 points 5 days ago

i'm assuming most people will use the default, which will probably be google lock in anyway.

[–] independantiste@sh.itjust.works 3 points 4 days ago (1 children)

that's not the point, passkeys are not vendor centric, they are a standard. you don't want to duplicate a passkey for the same reason you don't want to copy an SSH private key on multiple devices. it's a security feature that allows disabling the account access in case the device becomes compromised (lost, stolen, infected, etc.)
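Added example, not part of any comment in this thread: a simplified model of the two points made above, that the server holds only the public half of a key pair and that one key pair per device lets a single lost device be cut off. It is not the WebAuthn wire format; `createAuthenticator`, `RelyingParty` and the device labels are hypothetical names.

```javascript
// Simplified model of per-device key pairs with challenge-response login.
const crypto = require('node:crypto');

// Device side: the private key stays inside this closure.
function createAuthenticator(label) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  return {
    label,
    publicKey,
    sign: (challenge) => crypto.sign(null, challenge, privateKey),
  };
}

// Server side: stores public keys only, one entry per registered device.
class RelyingParty {
  constructor() {
    this.credentials = new Map(); // device label -> public key
  }
  register(auth) { this.credentials.set(auth.label, auth.publicKey); }
  revoke(label) { return this.credentials.delete(label); }
  newChallenge() { return crypto.randomBytes(32); }
  verify(label, challenge, signature) {
    const publicKey = this.credentials.get(label);
    if (!publicKey) return false; // unknown or revoked device
    return crypto.verify(null, challenge, publicKey, signature);
  }
}

// Constructed scenario: two devices are registered, then the phone is lost.
function demo() {
  const rp = new RelyingParty();
  const laptop = createAuthenticator('laptop');
  const phone = createAuthenticator('phone');
  rp.register(laptop);
  rp.register(phone);

  const c1 = rp.newChallenge();
  const oldSig = phone.sign(c1);
  const phoneBefore = rp.verify('phone', c1, oldSig);

  rp.revoke('phone'); // only this credential is removed
  const c2 = rp.newChallenge();
  const phoneAfter = rp.verify('phone', c2, phone.sign(c2));
  const laptopAfter = rp.verify('laptop', c2, laptop.sign(c2));
  // A signature over an old challenge is useless against a fresh one.
  const replayed = rp.verify('laptop', c2, laptop.sign(c1));
  return { phoneBefore, phoneAfter, laptopAfter, replayed };
}
```
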

[–] umbrella@lemmy.ml 1 points 4 days ago* (last edited 4 days ago) (1 children)

they are standard, but so were xmpp and many others before.

[–] independantiste@sh.itjust.works 2 points 4 days ago (1 children)

xmpp is still alive and is still an open standard

[–] umbrella@lemmy.ml 0 points 4 days ago* (last edited 4 days ago)

exactly, but are people using it outside of proprietary apps like whatsapp? not really that much.

no use in being open if in practice it's still controlled by monopolistic corporations.

i could use chrome or android as an example too. are there people using custom roms or forks and exercising their openness? yeah, but not that much either.