Technology

72783 readers

2171 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

L4s@hackingne.ws

291

Google will now make passkeys the default for personal accounts (arstechnica.com)

submitted 2 years ago by Tibert@jlai.lu to c/technology@lemmy.world

192 comments fedilink hide all child comments

Passkey is some sort of specific unique key to a device allowing to use a pin on a device instead of the password. But which won't work on another device.

Now I don't know if that key can be stolen or not, or if it's really more secure or not, as people have really unsecure pins.

you are viewing a single comment's thread
view the rest of the comments

[–] alvvayson@lemmy.world 33 points 2 years ago (4 children)

It's definitely more secure, since stealing someone's phone is much more difficult to scale up compared to stealing passwords.

[–] Engywuck@lemm.ee 31 points 2 years ago (2 children)

I don't think that access to your personal data/email/files being dependent on a battery-powered electronic device is a great idea, to be honest.

[–] alvvayson@lemmy.world 2 points 2 years ago (1 children)

That's why they invented chargers, eh.

But more seriously, there are recovery procedures if you lose a phone with or without a backup and if you are willing to share the keys with a cloud provider, you can also store them there and use them on any of your devices.

Or you can get something like a yubikey if the battery aspect is really that problematic for you.

[–] Engywuck@lemm.ee 12 points 2 years ago (27 children)

The fact is that I fail to see something obviously wrong with outrageously long/complicated passwords managed by e.g. Bitwarden or the likes.

[–] confusedbytheBasics@lemmy.world 2 points 2 years ago (1 children)

Long passwords can still be phished. Passkeys cannot. It's a huge upgrade.

[–] Engywuck@lemm.ee -1 points 2 years ago (1 children)

I don't think so, but whatever.

[–] confusedbytheBasics@lemmy.world 2 points 2 years ago

What do you mean? Do you not believe the anti-phishing features will work as described for a reason?

load more comments (26 replies)

[–] AA5B@lemmy.world 1 points 2 years ago

My understanding of Apple Keychain is that every credential is useable from every device, and can be backed up and restored to a new device. Most importantly Apple doesn’t have access, although we have to trust them on that

[–] ada@lemmy.blahaj.zone 9 points 2 years ago (1 children)

It's not quite unique to a specific device. You can store your private key in a password manager or something similar, and then access it from other devices

[–] alvvayson@lemmy.world 4 points 2 years ago

Depends on your personal choice. You can definitely limit them to a single, hardeneddevice if you want the highest level of security.

For most users and most situations, a synced solution will be preferable.

[–] wreckedcarzz@lemmy.world 4 points 2 years ago

Me, at the bank:

Robbers, as they enter the bank: everybody freeze

Me: ah shit

Robbers: everyone give me your phones

Me: aw hell naw

mission impossible style shootout

[–] V0lD@lemmy.world 4 points 2 years ago (19 children)

But it becomes much easier if you want to compromise a specific target individual

load more comments (19 replies)