this post was submitted on 28 Feb 2025

540 points (93.4% liked)

memes

12193 readers

1993 users here now

Community rules

1. Be civil

No trolling, bigotry or other insulting / annoying behaviour

2. No politics

This is non-politics community. For political memes please go to [email protected]

3. No recent reposts

Check for reposts when posting a meme, you can only repost after 1 month

4. No bots

No bots without the express approval of the mods or the admins

5. No Spam/Ads

No advertisements or spam. This is an instance rule and the only way to live.

A collection of some classic Lemmy memes for your enjoyment

Sister communities

[email protected] : Star Trek memes, chat and shitposts
[email protected] : Lemmy Shitposts, anything and everything goes.
[email protected] : Linux themed memes
[email protected] : for those who love comic stories.

founded 2 years ago

MODERATORS

[email protected]

540

Take your passkey and shove it where the sun don't shine (lemmy.world)

submitted 3 days ago by [email protected] to c/[email protected]

167 comments fedilink hide all child comments

(page 2) 50 comments

sorted by: hot top controversial new old

[–] [email protected] 35 points 3 days ago (23 children)

Passkeys are light years ahead of 2fA in user experience. Why do you dislike them?

Security based on devices is one of the positive innovations of smartphones and perhaps the only area where they've improved over the desktop experience.

[–] [email protected] 13 points 3 days ago (3 children)

Why would I want security based on a device? What security this offers greater than a 64 chars password + 2FA?

load more comments (3 replies)

load more comments (22 replies)

[–] [email protected] 14 points 3 days ago (1 children)

I thought passkeys were supposed to be more secure?

[–] [email protected] 13 points 3 days ago

They're using the same standard as FIDO2 / WebAuthn hardware security keys. The protocol is phishing resistant, unlike TOTP and similar one time code solutions.

I prefer the physical ones, because they're easy to organize. Passkey synchronization can be annoying.

[–] [email protected] 16 points 3 days ago (6 children)

It's not for your security, it's for the company's. People suuuuuuuuck when it comes to credentials.

load more comments (6 replies)

[–] [email protected] 18 points 3 days ago (1 children)

I briefly looked into passkeys a while ago, but I think I remember really disliking them because they just seemed like another excuse for companies to lock you in.

Has this changed? With Bitwarden + passwords, I can change to any platform, any device, at any time, and instantly get all my creds moved over securely.

I don't want to be in a situation where I'm locked into using Android, Chrome, iOS, or whatever because I can't move my creds.

[–] [email protected] 26 points 3 days ago (9 children)

Bitwarden has passkey support! Syncs too!

load more comments (9 replies)

[–] [email protected] 4 points 2 days ago (5 children)

I have no idea what a passkey is and I will probably only learn what it is when they become mandatory

I will just use passwords + 2FA for the moment

load more comments (5 replies)

[–] [email protected] 3 points 2 days ago (1 children)

Passkeys are phishing resistant, or so they say... but the web app still needs to let you in with password + 2FA... So I'm not sure how much that's really worth.

I guess if the users are typically never seeing a 2FA prompt then it should be more suspicious when they see one?

[–] [email protected] 3 points 2 days ago

Passkeys are a replacement for passwords. Passwords don’t solve the problem of a lost password, and passkeys don’t solve the problem of a lost passkey. How a site deals with lost credentials is up to them. It doesn’t need to be password + 2FA.

load more comments