Webauthn has domain bindings and single use challenges which prevents MITM credential stealing, etc
Comment on Google will now make passkeys the default for personal accounts
Kusimulkku@lemm.ee 1 year ago“It’s old so it’s bad” is not a very convincing argument.
I think he was wondering how technically the new solution is better, especially compared to password database solutions where complex password and password reuse isn’t an issue.
Natanael@slrpnk.net 1 year ago
alvvayson@lemmy.world 1 year ago
I said the exact opposite. If the old thing works for you, go ahead and stay on it, but don’t complain about the rest of the world improving and moving forward.
Why put quotes when you are misquoting…
And I answered him, he just doesn’t want to know. I can’t solve that.
Kusimulkku@lemm.ee 1 year ago
You’re mentioning how it’s an old solution as if that was some sort of argument. If you’re not using it as an argument then it seems kinda pointless to bring it up.
I’m not sure if you even realize you’re doing it but you’re doing it again, implying that it’s better because it’s newer. That’s not a very solid argument.
I know you’ve mentioned some aspects but I’m still wondering, in your opinion, what would be the technical reason that the password database model with long and complicated passwords would be worse than the passkey setup. Or is it that they’re as good but passkey might be a lot simpler to some folk?
alvvayson@lemmy.world 1 year ago
Sorry, your arguing against some strawman here.
Keep using passwords if that’s your preferred solution.
Not my beef if you can’t see how MFA is stronger than something that can be copy-pasted in a MITM attack.
Kusimulkku@lemm.ee 1 year ago
Would be a lot easier to see it if you tried to actually explain your position tbh