- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
cross-posted from: https://feditown.com/post/744772
The current security philosophy almost seems to be: “In order to make it secure, make it difficult to use”. This is why I propose to go a step further: “In order to make it secure, just don’t make it”. The safest account is the one that doesn’t exist or that can’t be accessed by anyone, including its owner.
I use a password manager with passkey support and still disabled all my passkeys. The user experience for passkeys is so much worse even when support exists.
How do you login from a device that doesn’t have Bitwarden on it if you have passkeys.
For example a friend’s computer etc
With a password I can type the 20 or so digits of the password. Can’t really be done with a passkey as far as I know
When I was trying out passkeys, things allowed either passkey or password still. But yes, I think this need partially reduces the security benefit of passkeys.
I’d like to hear more about the specifics if the issues you ran into. I keep delaying my options to start using passkeys because it’s a lot to take in at once and the only services implementing them seem to be the most important ones that I really don’t want to experiment with my ability to acess them. I haven’t even been looking at the details of each service’s implementation.
Really? I just used a passkey for the very first time with Google and Bitwarden and it worked quite nicely. What about passkeys is worse for you?
Just answered in a reply to a different comment.
What’s the problem with combination of manager and passkeys?
Just answered in a different comment.
Using a security key as a
password managerpasskey seems to resolve this issue (I think?), but I guess the issue is more a problem for the casual user who wouldn’t bother with a security key!