“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday.

“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday.

  • Gutless2615@ttrpg.networkEnglish
    6912·
    1 day ago

    Literally just use a password manager and 2/MFA. It’s not a problem. We have a solution.

    • shortwavesurfer@lemmy.zipEnglish
      433·
      1 day ago

      Actually, it is still a problem, because passwords are a shared secret between you and the server, which means the server has that secret in some sort of form. With passkeys, the server never has the secret.

      • Gutless2615@ttrpg.networkEnglish
        123·
        1 day ago

        The shared secret with my Vaultwarden server? Add mfa and someone needs to explain to me how passkeys do anything more than saving one single solitary click.

        • 4am@lemm.eeEnglish
          19·
          24 hours ago

          When a website gets hacked they only find public keys, which are useless without the private keys.

          Private keys stored on a password manager are still more secure, as those services are (hopefully!) designed with security in mind from the beginning.

        • shortwavesurfer@lemmy.zipEnglish
          111·
          1 day ago

          Pass keys are for websites such as Google, Facebook, TikTok, etc. And then they go into what is currently your password manager or if you don’t have one, it goes into your device. You still have to prove to that password manager that you are, who you say you are, either by a master password of some sort or biometrics.

      • Programmer Belch@lemmy.dbzer0.comEnglish
        118·
        1 day ago

        Best password manager is offline password manager.

        KeepassXC makes a file with the passwords that is encrypted, sharing this file with a server is more secure than letting the server manage your passwords

        • hikaru755@lemmy.worldEnglish
          121·
          15 hours ago

          This is not at all relevant to the comment you’re responding to. Your choice of password manager doesn’t change that whatever system you’re authenticating against still needs to have at least a hash of your password. That’s what passkeys are improving on here

        • shortwavesurfer@lemmy.zipEnglish
          41·
          1 day ago

          I agree, and that’s my method as well. Although I do not ever share the file with a server either. I only transfer it from device to device with flash drives or syncthing.