That’s a pretty wild claim. It almost sounds like you don’t know what a passkey is. Explain.
Comment on The Fediverse Isn’t the Future. It’s the Present We’ve Been Denied.
CubitOom@infosec.pub 1 day ago
Oh, you can easily bypass passkeys with automation. Don’t even need an image recognition model, just a QR-code scanner like zbarimg.
But I never tried Google’s passkey feature since it never seemed as secure as a 48 char computer generated password. So I’m not sure exactly how it works.
4am@lemm.ee 1 day ago
CubitOom@infosec.pub 1 day ago
Oh, I don’t know what it is, sorry, I thought I made that clear. But a quick search on the internet said it was basically 2FA with a QR code, and since the issue was how it would protect Lemmy from bots, I just thought it wouldn’t be hard for a bot to read a QR code.
Feathercrown@lemmy.world 18 hours ago
Bruh that’s gotta be one of the worst trains of thought I’ve seen recently ngl
CubitOom@infosec.pub 17 hours ago
Well again, the claim was that somehow passkeys would stop Lemmy from being flooded by bots.
So in that situation, we aren’t talking about hacking. We are simply talking about if a login could be triggered programmatically. So if Lemmy required passkeys to be used instead of passwords, and if the passkeys required scanning a QR code to sign in, I imagine it would provide minimal disruption to an automated login.
Now if the passkeys somehow enforced a real human to do something that only a human could do, then yes it would stop an automated login. However if it’s possible to automate then it wouldn’t stop bots.
xylogx@lemmy.world 1 day ago
Go read the FIDO threat model if you want to understand how it protects against specific attacks. It is pretty secure.
fidoalliance.org/…/fido-security-ref-v2.0-id-2018…