Comment on Passkeys Explained: The End of Passwords
HulkSmashBurgers@reddthat.com 3 weeks ago
The eco-system lock-in makes this a non-starter for me. If I could store the private keys in something like a keepass vault (or that) and do the authentication magic from that I would consider it.
KeePassXC supports passkeys directly through the Browser Integration service.
keepassxc.org/docs/KeePassXC_UserGuide#_browser_p…
There you go. Local, serverless passkeys in the software of your choice.
KeePass is great, it was my first password manager. Haven’t used it in a few years, but I’ll give it a go again after seeing this.
I am not dependent on any ecosystem for passkeys. I have a self-hosted vaultwarden instance that works with Bitwarden clients. I create and store my passkeys over there primarily and in my keepass db (which I primarily use for TOTPs) for redundancy. So if either one gets compromised, I can just delete the passkey for the accounts involved in that database.
cmhe@lemmy.world 3 weeks ago
You can? At least I do that. I host vaultwarden myself and store the paaskeys there.
Passkeys to me are just a better way to autofill in login data.
barryamelton@lemmy.world 3 weeks ago
OK, now think how nontechnical people will not be able to do it. They will be tied to Google/X-corp for all credentials, even government ones. Waiting to be banned if their social credit is too low.
frezik@lemmy.blahaj.zone 3 weeks ago
That’s the root of the problem. Nontechnical people don’t use good passwords, but all the ideas we have for replacing them are only usable by more technically minded people.
There are a variety of other reasons why passwords are bad, though.
Alaknar@sopuli.xyz 3 weeks ago
Nontechnical people can use BitWarden/Keeper/Proton Authenticator/any other major system like that instead of self-hosting.
cmhe@lemmy.world 3 weeks ago
True. But I would say that this isn’t an issue intrinsic with passkey. Many people don’t have time/energy or the attitude to think critically about technology and are herded towards Google/X-corp/etc with offers of convenience and because they are often the only offered choice on the web sites. But from the POV of passkey they just act as a password manager.
HulkSmashBurgers@reddthat.com 3 weeks ago
Oh I’m stoopit. I just looked up the documentation for keepassxc and it supports it too:
keepassxc.org/docs/KeePassXC_UserGuide#_passkeys
So I guess the next time I create an account that supports it I’ll try it and see how it goes.