memes

12170 readers

1851 users here now

Community rules

1. Be civil

No trolling, bigotry or other insulting / annoying behaviour

2. No politics

This is non-politics community. For political memes please go to !politicalmemes@lemmy.world

3. No recent reposts

Check for reposts when posting a meme, you can only repost after 1 month

4. No bots

No bots without the express approval of the mods or the admins

5. No Spam/Ads

No advertisements or spam. This is an instance rule and the only way to live.

A collection of some classic Lemmy memes for your enjoyment

Sister communities

!tenforward@lemmy.world : Star Trek memes, chat and shitposts
!lemmyshitpost@lemmy.world : Lemmy Shitposts, anything and everything goes.
!linuxmemes@lemmy.world : Linux themed memes
!comicstrips@lemmy.world : for those who love comic stories.

founded 2 years ago

MODERATORS

Tenthrow@lemmy.world

The_Picard_Maneuver@lemmy.world

The_Picard_Maneuver@startrek.website

533

Take your passkey and shove it where the sun don't shine (lemmy.world)

submitted 2 days ago by cm0002@lemmy.world to c/memes@lemmy.world

168 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Tiger@sh.itjust.works 3 points 1 day ago (1 children)

But I also worry about new areas of weakness with passkeys - anyone accessing the device with the passkey on it, or hacked that device, gets access automatically to the accounts. Also if logins are too fluid I worry that anything out of the ordinary during sign ins won’t be noticed.

[–] bearboiblake@pawb.social 3 points 1 day ago* (last edited 1 day ago) (1 children)

yeah that's totally true, but usually modern devices ensure that the passkeys are protected with a PIN or some biometric security, so I think it's at least as strong as having a password manager on your device that can be unlocked with a PIN.

not really sure what you mean about "out of the ordinary" logins - it sounds like you're thinking about phishing risks? but remember - passkeys cannot be phished. they verify the identity of both sides of the authentication token exchange - the server verifies you, and you verify the server. If you only use passkey authentication, you are safe from being phished. the most secure system would be one entirely without passwords/oath totp

[–] Tiger@sh.itjust.works 1 points 20 hours ago

I guess I mean if people are too used to critical services opening up without any friction, a pause to complete some sign in step, they’ll stop taking a moment to look for any warning signs, so they might miss the fact that they’re at a spoofed url, for example. Yes you’re right that the passkey wouldn’t be working at this fake site, but it could still take them out and harvest some data, interactions or credentials.