this post was submitted on 14 Oct 2024

136 points (100.0% liked)

Privacy

789 readers

4 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

136

Bitwarden, Dashlane, 1Password and others have joined together to make passkeys portable (bitwarden.com)

submitted 1 month ago by soothing_salamander@lemmy.ml to c/privacy@lemmy.ml

16 comments fedilink hide all child comments

Looks like a huge amount of security vendors are working to have a secure and open standard for passkey portability between platforms.

It is always good to see major collaboration in the security space like this considering the harsh opinions that users of some of these vendors have toward many of the others. I just wish apps and sites would stop making me login with username and password if passkeys are meant to replace that lol.

top 16 comments

sorted by: hot top controversial new old

[–] unskilled5117@feddit.org 60 points 1 month ago* (last edited 1 month ago) (1 children)

Seems like people in the comments are misunderstaning the announcement entirely. This protocol is about import and export from password managers and not about having them synced between devices. It would prevent a lock in effect. This is a great development!

FIDO Alliance’s draft specifications – Credential Exchange Protocol (CXP) and Credential Exchange Format (CXF) – define a standard format for transferring credentials in a credential manager including passwords, passkeys and more to another provider in a manner that ensures transfer are not made in the clear and are secure by default.

[–] Petter1@lemm.ee 2 points 1 month ago (1 children)

Lock in effect of passkeys is just infuriating 😂good to see progress!

[–] lud@lemm.ee 1 points 1 month ago (1 children)

I personally like it. Imo passkeys should optimally be device bound and the private keys should be stored in TPM or equivalent and be non-exportable.

[–] Petter1@lemm.ee 1 points 1 month ago (1 children)

Well, nothing is stopping you to keep passkeys only in one place, why force others to do what you like? Now we have options and less friction to switch to a competitor. Which results in more competition and that results in better products. Well theoretically..

[–] lud@lemm.ee 1 points 1 month ago* (last edited 1 month ago) (1 children)

I just don't think synced passkeys should be the default for example iOS.

What Microsoft is doing with device-bound passkeys using Windows Hello is imo great.

[–] Petter1@lemm.ee 1 points 1 month ago (1 children)

So microsoft does not require that you backup your passkeys? I thought that was the norm in all OS 😅

I think that passkeys are backed up in cloud by default isn’t that bad for the average person, since they are likely not understanding passkeys (at least right now) and don’t get that they loose access to accounts, if they disable oldscool Passwords only use one passkey on one device for that account.

[–] lud@lemm.ee 1 points 1 month ago (1 children)

You usually don't lose access though. Passkeys rarely replace passwords so you could still use your password or reset it if you don't remember it.

[–] Petter1@lemm.ee 1 points 1 month ago

That is, because we are in transition phase, the goal is that passkey replace the less secure method, else you gain only a very little more security than only Password .

[–] Petter1@lemm.ee 7 points 1 month ago

I have my passkeys in my keepass file in my private cloud since about 6month using strongbox on iOS and KeepassXC on Linux. Sadly, not many websites support passkeys on firefox for linux desktop yet… Hope this helps!

[–] umbrella@lemmy.ml 2 points 1 month ago* (last edited 1 month ago) (2 children)

yay glorified, overcomplicated passwords!

i get hate for it but just use a password manager if you can't juggle them?

[–] soothing_salamander@lemmy.ml 3 points 1 month ago (1 children)

I think it is quite the opposite for the end user. If apps/websites, begin to replace traditional password login with passkeys, this will be a measurable improvement for average consumers.

[–] umbrella@lemmy.ml 1 points 1 month ago

not really an improvement if you need extra software for it.

and cant just easily login.

[–] jbk@discuss.tchncs.de 3 points 1 month ago (1 children)

How about passkeys having solved phishing attacks?

[–] umbrella@lemmy.ml 1 points 1 month ago (1 children)

i doubt it lol

[–] smiletolerantly@awful.systems 1 points 1 month ago (1 children)

I dont exactly like passkeys, but yes, from a technical standpoint, they do indeed solve Phishing

[–] umbrella@lemmy.ml 2 points 1 month ago

eh, phishing techniques will evolve whenever this becomes a thing, if it ever does.