this post was submitted on 28 Feb 2025
538 points (93.4% liked)

[–] hemko@lemmy.dbzer0.com 61 points 2 days ago (9 children)

What's wrong with passkeys? I'm in love with passwordless sign-in with YubiKey, so much easier and faster than password + TOTP.

[–] deegeese@sopuli.xyz 53 points 2 days ago (5 children)

It’s shitty user experience when forced to dig out my phone to authenticate myself to a site I barely give half a shit about.

Like I wouldn’t even have an account if it wasn’t forced, and now you assholes want my phone too?

[–] hemko@lemmy.dbzer0.com 44 points 2 days ago (7 children)

I think you're describing SMS passcode, TOTP or other such factors.

Passcode doesn't necessarily require a phone, but you can use it too.

[–] geoff@lemm.ee 20 points 2 days ago

I use passkeys through 1Password and it’s vastly less irritating to me than anything involving passwords, especially 2FA. I really don’t like having to wait for email to arrive or copying down digits from a text message, which seems to be how 2FA typically works 90% of the time.

[–] pyre@lemmy.world 14 points 2 days ago (1 children)

I thought passkeys were supposed to be more secure?

[–] Natanael@infosec.pub 13 points 2 days ago

They're using the same standard as FIDO2 / WebAuthn hardware security keys. The protocol is phishing resistant, unlike TOTP and similar one time code solutions.

I prefer the physical ones, because they're easy to organize. Passkey synchronization can be annoying.

[–] yesman@lemmy.world 35 points 2 days ago (12 children)

Passkeys are light years ahead of 2FA in user experience. Why do you dislike them?

Security based on devices is one of the positive innovations of smartphones and perhaps the only area where they've improved over the desktop experience.

[–] IrateAnteater@sh.itjust.works 59 points 2 days ago (3 children)

I very specifically don't want my security tied to my device. Trying to migrate to new phones, and keeping things synced between a phone, desktop, and laptop is why I long ago moved to a password manager. Now, especially in the phone space, getting passkeys to function fully with a password manager ranges from "pain in the ass" to "not actually possible".

[–] thesohoriots@lemmy.world 28 points 2 days ago (7 children)

I had a botched phone battery replacement once resulting in the phone getting replaced very unexpectedly. It was a nightmare trying to get everything back together because I stupidly used Google Authenticator, which is tied to the specific phone it’s on. Not tying it to the device is the way to go.

[–] 4am@lemm.ee 21 points 2 days ago (4 children)

Bitwarden: “I’m literally right here”

[–] SleafordMod@feddit.uk 4 points 1 day ago (4 children)

I have no idea what a passkey is and I will probably only learn what it is when they become mandatory.

I will just use passwords + 2FA for the moment.

[–] Randelung@lemmy.world 16 points 2 days ago (1 children)

It's not for your security, it's for the company's. People suuuuuuuuck when it comes to credentials.

[–] NocturnalEngineer@lemmy.world 19 points 2 days ago* (last edited 2 days ago) (5 children)

My company insists on expiring passwords every 28 days, and prevents reuse of the last 24 passwords. Passwords must be 14+ characters long, with forced minimum complexity requirements. All systems automatically lock or logout after 10 minutes of inactivity, so users are forced to type in their credentials frequently throughout the day.

Yes people suck with creating decent credentials, but it's the company's security policies breeding that behavior.

[–] oatscoop@midwest.social 11 points 2 days ago

I don't get why people get upset at frequently expiring passwords. It's not hard: just write it on a Post-it note and stick it on your monitor.

[–] Tiger@sh.itjust.works 4 points 1 day ago

Tell them the NIST recommendations for password frequency changes have been really reduced in recent times because it pushes people into other bad password practices. Among all factors, changing the password frequently is the least important.

[–] OpenPassageways@lemmy.zip 3 points 1 day ago (1 children)

Passkeys are phishing resistant, or so they say... but the web app still needs to let you in with password + 2FA... So I'm not sure how much that's really worth.

I guess if the users are typically never seeing a 2FA prompt then it should be more suspicious when they see one?

[–] TaviRider@reddthat.com 3 points 1 day ago

Passkeys are a replacement for passwords. Passwords don’t solve the problem of a lost password, and passkeys don’t solve the problem of a lost passkey. How a site deals with lost credentials is up to them. It doesn’t need to be password + 2FA.
