this post was submitted on 14 Feb 2024
264 points (88.8% liked)

Technology

60116 readers
2448 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing... that lives on my phone? What if I lose my phone? What if you steal my phone?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 20 points 10 months ago (3 children)

I highly recommend using something like Bitwarden or 1password (which can manage both passwords and passkeys), and then generating a passphrase using a method like Diceware. If you're paranoid you might prefer rolling your own with Keepass but for most people that's going to be a lot of work. I think 1password's model is about as secure as you could hope for while still trusting a 3rd party. Definitely avoid Lastpass. In addition to widely reported breaches, they don't even fully encrypt your data; only the password portion is encrypted while usernames and site data are plaintext.

[–] Codilingus 8 points 10 months ago (1 children)

Just a heads up for anyone, bitwarden can be self hosted using vaultwarden. All of the bitwarden apps and extensions will work.

Also, for anyone already using their stuff, Proton Mail rolled out their password manager. I like it so far, the free edition is good.

[–] [email protected] 4 points 10 months ago (2 children)

I just don’t trust myself enough to self host Bitwarden. It’s just too critical of a service for me to be willing to accept any mistake I might make in hosting it. Absolutely worth the $10/year (or $40/year for the whole family), to have some IT professionals and Azure doing the hosting.

[–] [email protected] 3 points 10 months ago (1 children)

Am I paying for Bitwarden?

I've legit been telling people that it's free. xD

[–] [email protected] 3 points 10 months ago

Oh well you don’t have to pay for it, but I do for the premium features, most notably family sharing of passwords

[–] Codilingus 2 points 10 months ago

Good call, and I agree. I self hosted it but mine was offline, and would only update if I was in my house. Saw proton pass release, and made the switch since I've been using their services for awhile, now.

[–] [email protected] 6 points 10 months ago (2 children)

Is keepass really a lot of work though? If you use xc you have a client that works in windows or Linux, the file itself can be hosted anywhere, I ran for years with it on a USB key. There's no accounts to create, you just download and go.

[–] [email protected] 4 points 10 months ago* (last edited 10 months ago) (1 children)

It's definitely more work than just buying the service from someone that has a ready made app. I don't think it's a thing I would recommend to, for example, my parents. I know xc has some sort of form fill thing but it's not nearly as nice as the browser plug-ins made by the various password manager vendors.

[–] [email protected] 2 points 10 months ago (1 children)

There's a Firefox plugin that provides that functionality. As for getting my parents on board, any attempt to get my mil onboard with a password manager has been futile, actually using it seems to be the biggest barrier to adoption in my anecdotal experience

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago)

I'm just saying, the user needs to set up Keepass (on multiple ecosystems), find a solution to sharing their database across multiple devices (and note that sites like Dropbox or Google Drive are blocked on a lot of people's work computers), find a tool for filling those passwords in their web browser, potentially find different solutions for things like secure notes or syncing passkeys, and then maintain all of those things separately. Or they can pay a monthly fee and just have one integrated solution. A lot of people are gonna choose the latter.

[–] [email protected] 2 points 10 months ago (1 children)

KeepassXC works on Mac, too and there's KeepassDX for Android.

[–] [email protected] 1 points 10 months ago

Did not know about the Mac version, my partner is using Strongbox on her mac, I don't personally use Mac os. I've been using keepass2android for a long time, I like that there's so many different clients for keepass

[–] [email protected] 3 points 10 months ago

Since 1P switched to subscription only (which is a dealbreaker for me), I switched to Strongbox. It's based on keepass, you can store/backup/host your own vault, and it also supports both passkeys and passwords. The UX is almost as good as 1P (few little minor annoying things, but no showstoppers for me). Been great so far.