You can store passkeys in your password manager lol
this post was submitted on 28 Feb 2025
540 points (93.4% liked)
memes
12239 readers
3220 users here now
Community rules
1. Be civil
No trolling, bigotry or other insulting / annoying behaviour
2. No politics
This is non-politics community. For political memes please go to !politicalmemes@lemmy.world
3. No recent reposts
Check for reposts when posting a meme, you can only repost after 1 month
4. No bots
No bots without the express approval of the mods or the admins
5. No Spam/Ads
No advertisements or spam. This is an instance rule and the only way to live.
A collection of some classic Lemmy memes for your enjoyment
Sister communities
- !tenforward@lemmy.world : Star Trek memes, chat and shitposts
- !lemmyshitpost@lemmy.world : Lemmy Shitposts, anything and everything goes.
- !linuxmemes@lemmy.world : Linux themed memes
- !comicstrips@lemmy.world : for those who love comic stories.
founded 2 years ago
MODERATORS
Uhhh... Can someone ELI18 to me the problem with passkeys? I use them wherever available and find them very convenient.
Yeah i can sum it up for you
Passkeys are one exception to the familiar pattern of "we give you more SeCuRiTY so we can spy on you more and control your behaviour better". They actually are more secure. Problem is, a lot of technical issues with it still, a ton of stuff not working correctly yet
I'm still appalled that my Yubikey / FIDO2 still doesnt work on Firefox. I have it as a passkey for GitHub, realized it doesnt work on Firefox, so they just prompt me for my password. That seems backwards to have password as a fallback, too.
load more comments
(2 replies)
Passkeys are a great idea, but everyone involved seems like they want the process to be as much of a pain in the dick as possible. So until the industry pulls it's collective head out of its collective ass (not going to hold my breath on that one), it'll be passwords+2FA for me.
It feels like everyone is trying to tie people to their platform. Oh, and also use the opportunity to force shit like "no custom ROMs or bootloader unlocking" on Android at the same time.
load more comments
(1 replies)
Jesus Christ, dude, that is exactly it.
We're trying to implement passkeys at work and the testing has been an absolute nightmare. Literally have no control over the onboarding experience because each tech giant is clamoring over each other, interjecting into the process to be the "home" for your passkeys. It's bananas.
When it's all set up, it's kinda great! But getting set up in the first place is an exercise in frustration.
It's a chance for them to lock you (normies) into their platform forever. They're not going to give that up.
load more comments
(1 replies)
I hate 2fa so much, I never thought they would come up with anything more irritating. Little did I know.
I really like 2FA as long as it's TOTP and I can use an offline app or program for it. It just works and is very easy and secure.
load more comments
(5 replies)
Remember when tap-to-pay was new and didn't work at a lot of places and some people were freaked out over it?
And now most of us use it without a 2nd thought.
I speculate passkeys will be like that.
load more comments
(3 replies)
On the contrary i want more services using passkeys instead of 2fa methods that are less secure (sms).
Has this energy...
The amount of people in this thread that don't understand passkeys surprises me. This is Lemmy. Aren't we the technical Linux nerds of the Internet?
2FA is just dead simple. I contact you, you contact me, handshake achieved. If you call me out of the blue I raise the alarm. If you get a login attempt with a failed handshake you raise the alarm.
Putting it all behind a pop up screen just isn't trustworthy to the human brain.
load more comments
(13 replies)
load more comments
(5 replies)
There's been a lot of pain in the attempt to portray it as "Just click the passkey button, and that's it! Your login is secured for life!"
No - Buddy. It is secured for this one specific device that I have biometric authentication for. What about my computer? What about my other computer that isn't on the same operating system? I have a password manager that stores these things, why didn't you save to that when I registered? Why is it trying to take this shit from my Apple Keychain when it's in Bitwarden?
And, the next ultra-big step: How would a non-techie figure this shit out?
load more comments
(12 replies)
ITT: people who think only SMS, email and TOTP exist as 2FA.
And people who think only your phone can be used as passkey.
load more comments
(1 replies)
What's wrong with passkeys? I'm in love with passwordless sign-in with yubikey, so much easier and faster than password + totp
It’s shitty user experience when forced to dig out my phone to authenticate myself to a site I barely give half a shit about.
Like I wouldn’t even have an account if it wasn’t forced, and now you assholes want my phone too?
I think you're describing SMS passcode, totp or other such factors.
Passcode doesn't require phone necessarily, but you can use it too
load more comments
(7 replies)
load more comments
(4 replies)
load more comments
(8 replies)
Unless I've missed something big, passkeys are pretty easy for me if the website supports them imo.
Using KeePassXC, I click register on the website, register the passkey with KeePass, then it just works when I need to authenticate or login. My database is then synced across all my devices.
Passkey support is yet to come to KeePassDX on Android though, so I'll be awaiting that feature
load more comments
(2 replies)
sure, you can use a passkey as a primary authentication, but only "a device" or "system"(keypass/1pass etc) knows the passkey detail. with only passkey, if my passkey provider/ device is compromised then everything is lost. having single factor auth seems like a bad idea.
a password is something that I can know, so is still useful as a protection mechanism. having two factor auth should include password and passkey, which seems entirely reasonable whilst also providing an easier path forward for people used to TOTP.
Bitches don't know bout my awesome passkeys. It's like ssh key authentication for web apps. Just save the passkeys to my password manager & presto: use same keys on all my devices.
It replaces opening a TOTP app to copy a token with a click to select the passkey in a prompt from my password manager.
load more comments
(1 replies)
Passkeys are light years ahead of 2fA in user experience. Why do you dislike them?
Security based on devices is one of the positive innovations of smartphones and perhaps the only area where they've improved over the desktop experience.
I very specifically don't want my security tied to my device. Trying to migrate to new phones, and keeping things synced between a phone, desktop, and laptop is why I long ago moved to a password manager. Now, especially in the phone space, getting passkeys to function fully with a password manager ranges from "pain in the ass" to "not actually possible".
I had a botched phone battery replacement once resulting in the phone getting replaced very unexpectedly. It was a nightmare trying to get everything back together because I stupidly used google authenticator, which is tied to the specific phone it’s on. Not tying it to the device is the way to go.
load more comments
(7 replies)
load more comments
(1 replies)
load more comments
(11 replies)
Passkey is "something you own" right?
I have something I own, it's a Yubikey
load more comments
(4 replies)
I use passkeys through 1Password and it’s vastly less irritating to me than anything involving passwords, especially 2fa. I really don’t like having to wait for email to arrive or copying down digits from a text message, which seems to be how 2fa typically works 90% of the time.
I have the opposite situation, I bought yubikeys but nobody supports them.
load more comments
(3 replies)
I thought passkeys were supposed to be more secure?
They're using the same standard as FIDO2 / WebAuthn hardware security keys. The protocol is phishing resistant, unlike TOTP and similar one time code solutions.
I prefer the physical ones, because they're easy to organize. Passkey synchronization can be annoying.
It's not for your security, it's for the company's. People suuuuuuuuck when it comes to credentials.
My company insists on expiring passwords every 28 days, and prevents reuse of the last 24 passwords. Passwords must be 14+ characters long, with forced minimum complexity requirements. All systems automatically lock or logout after 10 minutes of inactivity, so users are forced to type in their credentials frequently throughout the day.
Yes people suck with creating decent credentials, but it's the company's security policies breeding that behavior.
I don't get why people get upset at frequently expiring passwords. It's not hard: just write it on a postit note and stick it on your monitor.
load more comments
(4 replies)
I'll use banks as an example
If they cared about your security there would not be a mobile app or website.
Hell, credit cards would still require a signature.
It's about cost first and foremost and then convenience.
Has nothing about you as a consumer. They don't give 2 shits about you as a consumer.
I mean you're right about banks but your examples make no sense.
Banks generally don't support 2fa, which is bad. Some banks (fidelity) still have character limits on passwords because they stores it in plaintext until recently so you could use it through the telephone system. They could implement a secure tap to pay system on your phones with enhanced security, rather than relying on Google to handle their job. And for credit cards themselves, switch to chip and pin.
"Banks don't have mobile apps"?? "Signatures are secure"?????🤡
load more comments
(2 replies)
Do you think signatures were at all secure? If they cared about security they'd do chip+pin like most civilized countries.
load more comments
(2 replies)
I briefly looked into passkeys a while ago, but I think I remember really disliking them because they just seemed like another excuse for companies to lock you in.
Has this changed? With Bitwarden + passwords, I can change to any platform, any device, at any time, and instantly get all my creds moved over securely.
I don't want to be in a situation where I'm locked into using Android, Chrome, iOS, or whatever because I can't move my creds.
view more: next ›