Google will now make passkeys the default for personal accounts - eviltoast

Passkey is some sort of specific unique key to a device allowing to use a pin on a device instead of the password. But which won’t work on another device.

Now I don’t know if that key can be stolen or not, or if it’s really more secure or not, as people have really unsecure pins.

  • killeronthecorner@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Each to their own but cloud syncing and MFA are a bad mix in my eyes. It has a “who watches the watchmen” problem and it somewhat defeats the point of having a trusted factor when you have an untrusted one on “someone else’s computer”.

    Authy have demonstrated why this is a problem (https://techcrunch.com/2022/08/26/twilio-breach-authy/), plus they’re closed source, so it’s a big no from me.

    • derpgon@programming.dev
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Vaultwarden, a FOSS Bitwarden server compatible with upstream clients, is able to store TOTP, and when self hosted, you are the watchmen.