A new login technique is becoming available in 2023: the passkey. The passkey promises to solve phishing and prevent password reuse. But lots of smart and security-oriented folks are confused about what exactly a passkey is. There’s a good reason for that. A passkey is in some sense one of two (or three) different things, depending on how it’s stored.
Use a password manager that implements passkey like Bitwarden that syncs up to a server. Or you can host your own Bitwarden sync server with Vaultwarden if you don’t like the thought of a cloud sync.
As far as I know the Bitwarden browser plugin for Firefox does not yet support WebAuthn/Passkeys, as it’s still on the September release. Chrome is already on the October version. A build of Vaultwarden from yesterday onwards should support storing it, once your browser is ready.
It’s already a huge problem now. Lots of people only have one auth device they depend on for everything. At least passkeys come with standards which should help spread the use of vault sync and backups and hopefully those practices become the norm.
They mention it in here. I don’t know about Android, Apple synchronizes them between devices. The way they do it seems pretty secure but it is still less secure than the keys being untouchable. Using multiple will be a necessity.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
I can see the “phone falls into the toilet” as a big problem that people will have.
Use a password manager that implements passkey like Bitwarden that syncs up to a server. Or you can host your own Bitwarden sync server with Vaultwarden if you don’t like the thought of a cloud sync.
As far as I know the Bitwarden browser plugin for Firefox does not yet support WebAuthn/Passkeys, as it’s still on the September release. Chrome is already on the October version. A build of Vaultwarden from yesterday onwards should support storing it, once your browser is ready.
It’s already a huge problem now. Lots of people only have one auth device they depend on for everything. At least passkeys come with standards which should help spread the use of vault sync and backups and hopefully those practices become the norm.
They mention it in here. I don’t know about Android, Apple synchronizes them between devices. The way they do it seems pretty secure but it is still less secure than the keys being untouchable. Using multiple will be a necessity.