9 Comments
Not once in that article did they explain what a passkey is.
Edit: don’t explain passkeys to me; I’m criticizing the article for making a claim without explaining to the general audience what it is.
Tl;dr: more passkeys
I worry sometimes with MFA that if I lost my phone I would not be able to log into anything. My digital life would be at a standstill.
It seems like a massive single point of failure.
I am on the fence on passkey.
# 1) Syncing (that this article seems to address)
The current passkeys work as standalone hardware – if you lose one, all its credentials are gone. -> You need to curate at least two – one for daily use and one for backup. Meaning creating accounts is kinda limited – as you should have access to both (or you will forget to add your backup passkey, lose the first and …).
# 2) You need to trust hardware you cannot dissect.
A password, a key, … I can at least optically inspect and test. If the passkey is secure – I cannot test. One attack vector would be to add a backdoor to the chip in the production process – and there are players in the world that can do it.
During 32C3 there was a talk about the feasibility of [hardware trojan (eng translation)](https://www.youtube.com/watch?app=desktop&v=eQA0UBoJ4eo), that is very expensive, but hardly detectable if you compromise the supply chain – as it is very complicated with the current complexity of modern chips to monitor them for third party changes.
An off-topic example would be an [Apple charging cable with built-in Wi-Fi attack abilities](https://techcrunch.com/2019/08/12/iphone-charging-cable-hack-computer-def-con/).
Passkeys suck because they don’t replace passwords. 11 years ago on my Moto X I had the ability to disable the lock screen if a trusted network or Bluetooth device was connected. I could unlock the phone with an NFC tag. These were all very convenient.
I don’t have the imagination or expertise to solve this very complicated problem, I just know that the passkey system is less convenient than a password manager which can only be accessed by FaceID, fingerprint, or system password. I want it to autofill and automatically sign me in, but I want to be logged off every time I close the browser.
N3v3r g0nn5 h5pp3n
Passkeys sound good in theory, but I don’t want my MFA provider knowing every site I log onto and when it happens. With current passkey technology, Google would have that info.
Nah. Too many drawbacks
Given that inputting passwords/keys requires a physical device, wouldn’t it be easiest if all devices could perform a biometric check (iris, fingerprint, voice) for all passwords as an MFA requirement?