Comment on Passkeys Explained: The End of Passwords
l_b_i@pawb.social 22 hours agoI think they are being pushed because cool technology on paper. Whenever I read an article about them, I can’t help but think about the human factors. How are passkeys created, often by a password or email. okay… that looks a lot like a password. Oh you lost the passkey, here lets send you one again. It stinks of a second factor without a first. Sure, the passkey itself is hard to compromise, but how about its creation. If your email is compromised I see no difference from passwords or passkeys.
4am@lemmy.zip 19 hours ago
They don’t email you a passkey, what are you even talking about?
lmmarsano@lemmynsfw.com 6 hours ago
There are quite a few uninformed takes here. 😞
l_b_i@pawb.social 19 hours ago
The flow I hear about when people talk about passkeys is sign up with email. Code gets sent to email. Code is entered, passkey gets generated. There always seems to be some similar step that looks like that, and often you have new device or reset that looks the same. Sure the passkey itself is secure, but how do you get it, how do you generate it, how do you validate the first time?
EncryptKeeper@lemmy.world 18 hours ago
None of that is remotely true lol. You don’t get a passkey, you generate. Nothing is “sent” to you at any point in time, it has nothing to do with email.
Sxan@piefed.zip 16 hours ago
Instead of saying how it doesn’t work, it’d be more constructive to explain how it does.