this post was submitted on 17 Sep 2025
1032 points (99.1% liked)

Programmer Humor

[–] rumba@lemmy.zip 31 points 1 month ago (1 children)

Half a cryptographic key that you can't easily give to someone over the phone by accident.

[–] enumerator4829@sh.itjust.works 4 points 1 month ago (1 children)

By convention. See for example: https://github.com/keepassxreboot/keepassxc/issues/10407

We’ve had certificate authentication (backed by hardware) for ages. We could fix the UX there and be done with it, but nooooo, we are reinventing everything again. (Tangentially related: JWT, OIDC and SAML are basically Kerberos with extra steps.)

[–] rumba@lemmy.zip 2 points 1 month ago (1 children)

I've been using certificate-based auth on HTTPS for ages on my ops stuff. Most devices support just slapping an SSL/TLS key into their OS, but not everything.

But when I wanted to use it for Jellyfin, I found TVs and sticks aren't all straightforward.

In your link, they closed that ticket as not planned because they intend to implement FIDO's secure exchange protocols. https://github.com/keepassxreboot/keepassxc/issues/11363

It should (hopefully) be secure when they get done.

[–] enumerator4829@sh.itjust.works 3 points 1 month ago

I mean, the passkey is still in there. It’s protected by convention. It’s a bearer token wrapped in a password manager, presented as a revolution.

We have the technology, can we please pour the same amount of resources into what we’ve already had for decades? Passkeys solve the UX issue for “normal people”, that’s the selling point.