Bitwarden, Dashlane, 1Password and others have joined together to make passkeys portable(bitwarden.com)

posted 23 days ago

Soothing Salamander@lemmy.ml

privacy@lemmy.ml

68 commentshide report

Looks like a huge amount of security vendors are working to have a secure and open standard for passkey portability between platforms.

It is always good to see major collaboration in the security space like this considering the harsh opinions that users of some of these vendors have toward many of the others. I just wish apps and sites would stop making me login with username and password if passkeys are meant to replace that lol.

Sort:

Hot Top Controversial New Old

You are viewing a single thread.

View all comments

[ - ]

zerozaku@lemmy.world

10 points

22 days ago

Why is the buzz around passkeys is back? I am seeing them way more often than they used to be. I think I have created passkeys for 2 apps and don’t even know how that worked, it such a breeze that almost felt it wasn’t secure lol.

In what ways the passkeys are different than authenticator apps?

permalink

report

[ - ]

Soothing Salamander@lemmy.mlOP

15 points

22 days ago

Passkeys are meant to replace password-based login whereas TOTP apps are only meant as a 2FA method.

permalink

report

parent

[ - ]

neveraskedforthis@lemmy.world

8 points

22 days ago

Convenience and security.

Authenticator apps are still vulnerable to phishing, passkeys are not.

permalink

report

parent

[ - ]

ShortN0te@lemmy.ml

13 points

22 days ago

With the ability to transfer passkeys, the attack vector phishing does not sound that far fetched. Tho i have not looked into the transfer process.

We will see i guess.

permalink

report

parent

[ - ]

Neon 🏳️‍🌈🇺🇦🇪🇺🏳️‍⚧️🇹🇼🇮🇱🏳️‍🌈@lemmy.world

3 points

22 days ago

Idk, a SSH-Key is also transferrable, yet it’s still safe

And given that Passkeys are essentially specialized ssh-keys, I don’t see the Problem.

But I’d like to know it I’m wrong.

permalink

report

parent

[ - ]

ShortN0te@lemmy.ml

3 points

22 days ago

Why do you think SSH-Keys are safe against phishing? I mean it is unlikely, that someone will just send the key per mail or upload it somewhere since most ppl using SSH-Keys are more knowledgeable.

When you now get an easy one click solution to transfer Passkeys from one Cloud provider to another it will get easier to trick a user to do that. Scenario: You get a mail from Microsoft that there is a thread and that you need to transfer your keys to their cloud.

permalink

report

parent

[ - ]

Petter1@lemm.ee

1 point

22 days ago

The thing is, that you only have to share public keys and never private ones. So you can only phish public keys…

permalink

report

parent

[ - ]

ShortN0te@lemmy.ml

2 points

22 days ago

The thing is, that you only have to share public keys and never private ones. So you can only phish public keys…

How would you sync or transfer a passkey across devices without transferring the private key?

report

[ - ]

2 points

21 days ago

You share public keys when registering the passkey on a third party service, but for the portability of the keys to other password managers (what the article is about) the private ones do need to be transferred (that’s the whole point of making them portable).

I think the phishing concerns are about attackers using this new portability feature to get a user (via phishing / social engineering) to export/move their passkeys to the attacker’s store. The point is that portability shouldn’t be so user-friendly / transparent that it becomes exploitable.

That said, I don’t know if this new protocol makes things THAT easy to port (probably not?).

permalink

report

parent

Show more comments

Privacy

!privacy@lemmy.ml

Create post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
Don’t promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

Community stats

4.8K
Monthly active users
1.6K
Posts
23K
Comments

A place to discuss privacy and freedom in the digital world.

Some Rules

Related communities

Chat rooms

Community stats

Community moderators