“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday.

“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday.

  • Gutless2615@ttrpg.networkEnglish
    01·
    2 months ago

    Literally just use a password manager and 2/MFA. It’s not a problem. We have a solution.

    • shortwavesurfer@lemmy.zipEnglish
      1·
      2 months ago

      Actually, it is still a problem, because passwords are a shared secret between you and the server, which means the server has that secret in some sort of form. With passkeys, the server never has the secret.

      • Programmer Belch@lemmy.dbzer0.comEnglish
        0·
        2 months ago

        Best password manager is offline password manager.

        KeepassXC makes a file with the passwords that is encrypted, sharing this file with a server is more secure than letting the server manage your passwords

        • hikaru755@lemmy.worldEnglish
          1·
          2 months ago

          This is not at all relevant to the comment you’re responding to. Your choice of password manager doesn’t change that whatever system you’re authenticating against still needs to have at least a hash of your password. That’s what passkeys are improving on here

      • Gutless2615@ttrpg.networkEnglish
        0·
        2 months ago

        The shared secret with my Vaultwarden server? Add mfa and someone needs to explain to me how passkeys do anything more than saving one single solitary click.

        • 4am@lemm.eeEnglish
          1·
          2 months ago

          When a website gets hacked they only find public keys, which are useless without the private keys.

          Private keys stored on a password manager are still more secure, as those services are (hopefully!) designed with security in mind from the beginning.

    • huginn@feddit.itEnglish
      0·
      2 months ago

      Never forget that technologically speaking you’re nothing like the average user. Only 1 in 3 users use password managers. Most people just remember 1 password and use it everywhere (or some other similarly weak setup).

      Not remembering passwords is a huge boon for most users, and passkeys are a very simple and secure way of handling it.

      • funkless_eck@sh.itjust.worksEnglish
        1·
        2 months ago

        I work for multiple organizations. The majority of which have a Google sheet with their passwords in that are

              c0mpanyname2018!

        Those that aren’t are

               pandasar3cute123?
        • Echo Dot@feddit.ukEnglish
          1·
          2 months ago

          At one point the organization I work for had a password that was literally Password-022!, guess what it was the following month?