You are viewing a single thread.
View all comments View context
-26 points

passwords were maybe the dumbest idea ever invented

permalink
report
parent
reply
12 points

What is your suggestion for a superior solution to the problems passwords solve?

permalink
report
parent
reply
4 points
*

Passkeys are becoming the industry standard. They are better in nearly every way, but would not have been possible before smartphones.

They are unique for each site, not breachable without also having a users device, not phishable, and can’t be weak by design.

permalink
report
parent
reply
10 points
*

And if you lose your device, get fucked forever!

Passkeys are passwords but worse.

permalink
report
parent
reply
30 points

Agree that passkeys are the direction we seem to be headed, much to my chagrin.

I agree with the technical advantages. Where passkeys make me uneasy is when considering their disadvantages, which I see primarily as:

  • Lack of user support for disaster recovery - let’s say you have a single smartphone with your passkeys and it falls off a bridge. You’d like to replace it but you can’t access any of your accounts because your passkey is tied to your phone. Now you’re basically locked out of the internet until you’re able to set up a new phone and sufficiently validate your identity with your identity provider and get a new passkey.
  • Consolidating access to one’s digital life to a small subset of identity providers. Most users will probably allow Apple/Google/etc to become the single gatekeeper to their digital identity. I know this isn’t a requirement of the technology, but I’ve interacted with users for long enough to see where this is headed. What’s the recourse for when someone uses social engineering to reset your passkey and an attacker is then able to fully assume your identity across a wide array of sites?
  • What does liability look like if your identity provider is coerced into sharing your passkey? In the past this would only provide access to a single account, but with passkeys it could open the door to a collection of your personal info.

There’s no silver bullet for the authentication problem, and I don’t think the passkey is an exception. What the passkey does provide is relief from credential stuffing, and I’m certain that consumer-facing websites see that as a massive advantage so I expect that eventually passwords will be relegated to the tomes of history, though it will likely be quite a slow process.

permalink
report
parent
reply
6 points

I’m fine with that as long as it works without my phone, internet or power.

So, a contactless smartcard

permalink
report
parent
reply
-1 points

private keys, etc

permalink
report
parent
reply
7 points
*

That’s literally just a long password that you can never recover your data from when you inevitably lose or forget it (remember we’re talking about the majority of users here who do not use password managers).

permalink
report
parent
reply

Technology

!technology@lemmy.world

Create post

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


Community stats

  • 17K

    Monthly active users

  • 12K

    Posts

  • 554K

    Comments