this post was submitted on 14 Feb 2024
264 points (89.3% liked)
Technology
59672 readers
2955 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
If you already have a central point to lose everything in the form of a password manager, is it any worse? What's the difference between a random password stored in your password manager that you don't remember versus a private key stored in your password manager that you're not expected to remember? You've always needed to make backups or have alternative ways to get in (recovery codes, customer support channels, etc), nothing about that has changed when going from passwords to passkeys. When passkeys are supported on sites, there can be no autofill issues (password or TOTP), no password complexity requirements, no worries about how they are hashing them on the server side, no phishing issues, etc. That's an improvement over the system we have now.
And for those that don't have a password manager, they are likely reusing passwords. Passkeys prevent the risk of password reuse and the risk of phishing.
I use a password manager and the database is automatically synchronized to multiple devices. I use syncthing for that, but a public cloud would be fine as well, because it's encrypted (well, as long as the master password is strong enough)
I export my passwords from my manager regularly and keep them on paper in a secure place. At worst, it would be massively annoying if the password manager somehow blew up. But you can't hack a paper. On the other hand, like some other person wrote, it's incredibly easy to break your phone screen and then you're screwed until you can fix it.
The person who broke their phone screen wasn't mad about not being able to access the data on it in this case, but rather that they couldn't receive a text message as the second factor to log in to their bank. Having a backup wouldn't have mattered, they couldn't receive the text. Like it or not, having two-factor authentication on accounts is a necessity with the phishing and malware problems out there. Having multiple (secure) factors attached to your account is the best protection against getting locked out.
The breaking of a phone and loss of the data on it can still be protected against by having backups in other locations or offline, like you have.