263
Passkeys might really kill passwords (www.theverge.com)
submitted 8 months ago by Ninjazzon@infosec.pub to c/technology@lemmy.world
179 comments fedilink hide all child comments

Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing... that lives on my phone? What if I lose my phone? What if you steal my phone?

you are viewing a single comment's thread
view the rest of the comments
[-] scorpionix@feddit.de 15 points 8 months ago

Forget about biometrics, they are way too insecure.

Our cameras have reached a stage where we can replicate fingerprints from photos. 'What you are' is useless when we leave part of us everywhere. And furthermore, in parts of the world, authorities can force you to unlock your device with biometrics but not with passwords.

[-] frezik@midwest.social 10 points 8 months ago

Biometrics can be fine when they are layered on top of other authentication methods.

[-] IphtashuFitz@lemmy.world 5 points 8 months ago

Exactly. See my reply in another thread where I describe a “person trap” that I used to go through to get into a secure facility. Its biometric check analyzed the geometry of your entire hand. It wasn’t just a fingerprint scanner.

[-] scorpionix@feddit.de 1 points 8 months ago

I strongly disagree. That's like using MD5 and saying 'It's OK, we use SHA256 down the line'. Information encrypted with it might as well be in plain text.

[-] frezik@midwest.social 5 points 8 months ago

That's not how that works. If you were using MD5 and then immediately SHA256 the output and not using it for anything else, that would be fine. You're not accomplishing much in this specific case, but it'd be fine.

When you layer security, the attacker has to pull back each layer. You don't rely on any singular layer. If the attacker needs biometrics AND a code AND a physical key, that's very good security.

[-] Spotlight7573@lemmy.world 3 points 8 months ago

For many people it works well as a trade-off between security and convenience. It may not be for everyone though and that's okay. Nothing stops you from using a password/passcode to secure your passkey instead.

this post was submitted on 14 Feb 2024
263 points (88.8% liked)

Technology

59148 readers
2453 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world