zlacker

1. raxxor+(OP) 2024-12-27 08:11:11
Even the closed-system solutions pose problems. I think it didn't get much airtime, but when Chrome switched their approach to saving passwords, a lot of users lost access to their accounts. A case where a feature wasn't sensibly discontinued.

The workaround now isn't using passkeys, something few people understand. Instead most seem to be migrating to external password managers. Honestly, I don't have many arguments against this as these at least generate safe passwords. There are many advantages to this approach.

I believe moving forward, sticking to passwords might indeed be more viable. I think explaining to users how to upload their public SSL key is safer and more universal at this point.

replies(2): >>portao+h >>lxgr+KB
2. portao+h 2024-12-27 08:15:18
>>raxxor+(OP)
I use a password as the main auth method for everything (via a pw manager) - but then I often add a passkey or similar for convenience. If I get locked out I still have the trad method as fallback; for me that’s the best of both worlds.

If you don’t offer a password as a method I will not use your service. The worst are those that only offer code via email/sms or social login - miss me with that …

3. lxgr+KB 2024-12-27 15:37:37
>>raxxor+(OP)
Passkeys are too complicated, so let's have users manage public keys manually instead? You can't be serious.
replies(1): >>1oooqo+yE
4. 1oooqo+yE 2024-12-27 15:54:02
>>lxgr+KB
except passkeys bought you a false sense of security and ease. yeah the happy path is easier because you're just generating new keys... but if the user ever gets a new phone or sits in front of another device, now passkeys are more complicated than the alternative.

sadly the world became too dumbly complacent to question their devices.

replies(1): >>lxgr+FF
5. lxgr+FF 2024-12-27 16:00:03
>>1oooqo+yE
Logging in to Bitwarden/1Password/KeePassXC/Strongbox/... takes less than five minutes, even when using sophisticated 2FA.

Would you argue that loading a public key (load it where, actually?) is much faster? How'd you do it practically?

replies(1): >>1oooqo+EY1
6. 1oooqo+EY1 2024-12-28 03:11:50
>>lxgr+FF
five minutes to click 2 buttons? anyway.

yes, when you get your phone stolen on a trip and can't log into anything.

or when you realize nobody cares for the 5 nerds using those and require an apple or google passkey.
