zlacker

1. ipsi+(OP) 2025-05-21 12:40:29
And yet that's not enough, even when someone very definitely knows better: https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mail...

Turns out that under certain conditions, such as severe exhaustion, that "sus filter" just... doesn't turn on quickly enough. The aim of passkeys is to ensure that it _cannot_ happen, no matter how exhausted/stressed/etc someone is. I'm not familiar enough with passkeys to pass judgement on them, but I do think there's a real problem they're trying to solve.

replies(1): >>diggan+Q1
2. diggan+Q1 2025-05-21 12:56:37
>>ipsi+(OP)
If you're saying something is less secure because the users might suffer from "severe exhaustion", then I know that there aren't any proper arguments for migrating to it. Thanks for confirming I can continue using OTP without feeling like I might be missing something :)
replies(2): >>skydha+I6 >>simonw+mG
3. skydha+I6 2025-05-21 13:32:04
>>diggan+Q1
> If you're saying something is less secure because the users might suffer from "severe exhaustion"

Something "$5 wrench"

https://xkcd.com/538/

4. simonw+mG 2025-05-21 16:57:34
>>diggan+Q1
Passkeys genuinely do protect against severe exhaustion attacks.
replies(1): >>diggan+xC2
5. diggan+xC2 2025-05-22 11:21:16
>>simonw+mG
Yeah, but they genuinely also prevent you from moving away from companies in the process of enshittification, since the whole export/import thing seemingly hasn't been figured out or even less been deployed yet.

Besides, if you ignore security alarm-bells going off when exhausted, I'm not sure what solution can 100% protect you.
