Microsoft really wants users to ditch passwords and switch to passkeys

    https://www.techradar.com/pro/security/microsoft-really-wants-users-to-ditch-passwords-and-switch-to-passkeys

    15 Comments

    1. >Passkeys are a more secure alternative to passwords as their private encryption key is only stored on a local device, such as your phone, and not on leaky servers that are liable to being attacked. Passkeys also don’t need to be entered into a website – just verifying your identity using a biometric authenticator app that scans your face or a fingerprint will grant you entry to your account.

      As if a phone can’t be hacked.

      >This also makes them phishing resistant, as an attacker would not only need your personal device to log in, but also your physical form to pass authentication.

      And once your digitized biometric data is compromised or stolen, you’re fucked.

    2. Drakonluke on

      I don’t know, I have only one computer with Windows 11, but since it’s on my nightstand and I don’t need security (I have nothing to hide not even in the browser history :-)) I activated the PIN instead of the password as I usually do. One evening I got the PIN wrong 3 times out of laziness and it let me in. I’m very perplexed.

    3. I work at a job where we can’t take in phones or electronic devices. Only passkeys would make it impossible to log in in these environments.

    4. If Microsoft wants something it must be terrible. Avoid at all costs.

    5. Passkeys are definitely better, but: having them all locked onto your phone is bad. If you use something like 1Password to store them then everything can be shared instead of locked on your device… but then of course your threat model changes.

      The people who are going to benefit from this are the people who use the same bad password for everything.

    6. dontreactrespond on

      Microsoft wanted users to adopt clippy – one of a thousand things they wanted that they didn’t get

    7. newbieboka on

      I’m a pretty decently techy guy and I don’t understand how I’m supposed to use passkeys across devices and stuff

    8. MrPants1401 on

      > There were so many different ways in which you were required to provide absolute proof of your identity these days that life could easily become extremely tiresome just from that factor alone, never mind the deeper existential problems of trying to function as a coherent consciousness in an epistemologically ambiguous physical universe. Just look at cash point machines, for instance. Queues of people standing around waiting to have their fingerprints read, their retinas scanned, bits of skin scraped from the nape of the neck and undergoing instant (or nearly instant – a good six or seven seconds in tedious reality) genetic analysis, then having to answer trick questions about members of their family they didn’t even remember they had, and about their recorded preferences for tablecloth colours. And that was just to get a bit of spare cash for the weekend. If you were trying to raise a loan for a jetcar, sign a missile treaty or pay an entire restaurant bill things could get really trying. Hence the Ident-i-Eeze. This encoded every single piece of information about you, your body and your life into one all-purpose machine-readable card that you could then carry around in your wallet, and therefore represented technology’s greatest triumph to date over both itself and plain common sense.

      ― Douglas Adams, The Ultimate Hitchhiker’s Guide to the Galaxy

    9. overyander on

      This sounds like furthering the US lawmaker agenda of bypassing encryption. You can be compelled to provide fingerprint and other bio data to unlock or decrypt devices but passwords (have so far) been protected by the 5th amendment.

    10. OkayDudeWhatever- on

      I work with people of all generations. I’ve done multiple presentations at my company about good security/password hygiene and I’m still surprised by the number of people who still keep passwords in a word doc on their desktop.

      Just yesterday I helped a friend with a computer issue. She considers herself “tech savvy.” She keeps a notebook of all her usernames and passwords. The majority of her passwords are the site name plus a four or six digit number which she swears no one could figure out.

      The vast majority of people have no idea what they’re doing or how to do what they do in a safer way. Passkeys aren’t perfect but they’re a helluva lot better than the username/password dynamic we’re using now.

    11. Use vaultwarden and control your own passkeys and passwords, self hosted. Works flawlessly.

    12. HotHits630 on

      Last thing I need is Microsoft introducing something else that doesn’t work.

    13. I’m moving my organization to security keys. We would only use passkeys for consultants. I don’t trust most of my end users’ phones.
