Over 5,300 GitLab servers exposed to zero-click account takeover attacks - eviltoast
  • Encrypt-Keeper@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    10 months ago

    I am a fan of passkeys. Particularly because they essentially function as hardware 2fa, except they’re the only factor, which isn’t as big of a problem because it’s not something you can steal in a service breach like passwords. I’ve also noticed that even when using passkeys, most sites let you force a TOTP code as well anyway.

    • Flying_Hellfish@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      10 months ago

      Very true, the big issue with them is a lot of popular hardware keys, including the yubikeys that I have, are limited to the number passkeys they can store (yubikey is 25 unique). Luckily password managers are starting to support them, but now you’re back to having a strong password + hardware 2FA to store those passkeys anyway.

      I do like TOTP or just hardware 2FA as a backup for my passkeys. What I really can’t stand is sties that only offer SMS as 2FA, it makes me more angry than it probably should.

      • Encrypt-Keeper@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 months ago

        iPhones natively support passkeys, so at the very least the iOS user base can easily use them. Not sure about Android though.