Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing… that lives on my phone? What if I lose my phone? What if you steal my phone?

  • Heavybell@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    10 months ago

    Until someone can explain to me how I can transfer, manage and control my passkeys without syncing them to some hostile corporation’s cloud infrastructure, passkeys will remain a super hard sell for me.

    • TreeGhost@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      10 months ago

      You can use Bitwarden to store passkeys. Not sure if the self hosted solution has support for it yet though.

      • sailingbythelee@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        10 months ago

        I must admit that, despite reading about passkeys a bit, I still don’t understand the actual practicalities. I seem to recall that Bitwarden can store keys, but can’t generate them. If that’s true, who generates the passkey?

        • Spotlight7573@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          10 months ago

          Bitwarden can both generate and store them in the browser extension. It can also use them through the browser extension but it can’t yet use them through the mobile apps (they’re working on it).

          • Zeroc00l@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            0
            ·
            10 months ago

            Bitwarden pro right? ($10 for the year, totally worth it). My mobile app can create/use them already too.

            • Spotlight7573@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              10 months ago

              Don’t need the premium version of Bitwarden to use passkeys. The free version works.

              That said, $10 per year is not a big cost to support the company storing your vault and developing the apps.

        • ikidd@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          10 months ago

          Bitwarden does passkeys supposedly. Haven’t tried it myself yet because I don’t know what to make of passkeys.

  • wahming@monyet.cc
    link
    fedilink
    English
    arrow-up
    1
    ·
    10 months ago

    Can somebody help me understand the advantages of passkeys over a password manager? Googling just brings up tons of advertising and obvious self promotion, or ELI5s that totally ignore best passwords practices using managers.

    • Encrypt-Keeper@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      10 months ago

      Passkeys work like a public/private key pair you’d use to secure SSH access to a server. You give the website a public key that corresponds to a private key generated on your local device. Unlike a password it’s not feasible to brute force and there’s nothing you have to remember which makes it more convenient for you to use. If a site is hacked and they gain access to the public passkey you use to authenticate, it can’t be used to authenticate anywhere.

      It’s not really an alternative to a password manager, because you can use a password manager to generate and sync a single passkey between all your devices. In fact 1Password is a big proponent of passkeys and even maintain a big directory of sites that use passkeys.

      • leftzero@lemmynsfw.com
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 months ago

        there’s nothing you have to remember which makes it more convenient for you to use

        Unlike my devices, I always have my brain on me. Devices are much more easily lost or stolen than memories. I often might want to access sites using my account from third party devices which I don’t want to be able to use my accounts when I’m not using them.

        I just can’t understand how using passkeys (or password managers, for that matter, massive single points of failure that they are) is supposed to be in any way shape or form more convenient than simply remembering a passphrase (which can easily be customisable for each site using some simple formula so that no two sites will share the same but it’ll still be trivial to remember).

        Both password managers and passkeys seem like colossal inconveniences and security risks to me when compared to passphrases, frankly. And if you want extra security there’s always two factor authentication (with multiple alternatives in case you don’t have access to one of them, of course; otherwise you might as well delete your account).

        • subtext@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          10 months ago

          Both password managers and passkeys seem like colossal inconveniences

          Both my mom and my grandma who are extremely far from tech literate absolutely love that I forced them into using a password manager because it is so much more convenient.

          My mom wouldn’t even do the special algorithm for each site, she just had like 2 or 3 passwords that she would use depending on site requirements, and even that simple setup was far less convenient for her than a password manager. She was the one who initially had the idea to make my grandma use one because she became evangelized about how much better a password manager is than having to remember passwords.

          Your point about inconvenience is just straight up wrong.

          I would also vehemently disagree with your claim that they are a security risk unless you just straight up use them wrong / use hunter2 as your master password. But this comment is already super long so I will just stop there.