We have different authentication methods. The hard bit is persuading people to use them.
Comment on 2.9 billion hit in one of the largest data breaches ever — full names, addresses and SSNs exposed
Spotlight7573@lemmy.world 3 months ago
With a breach of this size, I think we’re officially at the point where the data about enough people is out there and knowledge based questions for security should be considered unsafe. We need to come up with different authentication methods.
floofloof@lemmy.ca 3 months ago
Spotlight7573@lemmy.world 3 months ago
Before people can be persuaded to use them, we have to persuade or force the companies and sites to support them.
QuarterSwede@lemmy.world 3 months ago
Passkeys. They’re amazing.
ag10n@lemmy.world 3 months ago
Typing a password to a browser or device isn’t going to make it any easier. Use a password manager and set unique string passwords for everything. If the app supports it, use FIDO physical keys instead of Passkeys
1984@lemmy.today 3 months ago
Even better would be to use certificates instead of passwords. What if every website gave you a certificate signed by them, and you store that in your password manager automatically.
Maybe that’s what passkeys are… Haven’t read up on them at all.
Spotlight7573@lemmy.world 3 months ago
Basically with passkeys you have a public/private key pair that is generated for each account/each site and stored somewhere on your end somehow (on a hardware device, in a password manager, etc). When setting it up with the site you give your public key to the site so that they can recognize you in the future. When you want to prove that it’s you, the website sends you a unique challenge message and asks you to sign it (a unique message to prevent replay attacks). There’s some extra stuff in the spec regarding how the keys are stored or how the user is verified on the client side (such as having both access to the key and some kind of presence test or knowledge/biometric factor) but for the most part it’s like certificates but easier.
Passerby6497@lemmy.world 3 months ago
QuarterSwede@lemmy.world 3 months ago
… passkeys basically do all this without you having to know how. Your device /is/ the physical key and /you/ are the secondary auth. It honestly doesn’t get any easier for the user.
ag10n@lemmy.world 3 months ago
What options are there for migrating passkeys to a new device? Easy to lock you into that iPhone and you must use their migration tool when you upgrade. Or I just carry it on my keychain, no vendor lock in.
fmstrat@lemmy.nowsci.com 3 months ago
Until you realize Apple allows the iPhone to airdrop them. Ugh.
Uli@sopuli.xyz 3 months ago
Pirate keys for sure. Not using one is just asking for a stranger to grab your booty.
scottmeme@sh.itjust.works 3 months ago
I want a stranger to grab my ass sometime
ThePantser@lemmy.world 3 months ago
But I enjoy a booty grabbing.
dexterous@programming.dev 3 months ago
Pirate keys for sure.
Arrr… SA to ye all!
NotMyOldRedditName@lemmy.world 3 months ago
Start using Yubikeys
fmstrat@lemmy.nowsci.com 3 months ago
Private keys for everyone.
zer0squar3d@lemmy.dbzer0.com 3 months ago
You get a private key! And you get a private key! And you get a private key!
Nurgus@lemmy.world 3 months ago
Indian accent: Hello, this is Microsoft support. Your private key is being hacked and you need to give it to us immediately for safe keeping.
WCGW?