this post was submitted on 16 Oct 2024
219 points (86.4% liked)

Technology

58698 readers
4566 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
219
Passwords have problems, but passkeys have more (world.hey.com)
submitted 1 day ago by exu@feditown.com to c/technology@lemmy.world
152 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] 4am@lemm.ee 21 points 1 day ago (10 children)

All the major password managers store passkeys now. I have every passkey I’ve been able to make stored in Bitwarden, and they’re accessible on all my devices.

Article is behind the times, and this dude was wrong to “rip out” passkeys as an option.

[–] phoneymouse@lemmy.world 5 points 20 hours ago (4 children)

If a password manager stores passkeys, how is that much different than just using a password manager with passwords?

[–] EncryptKeeper@lemmy.world 7 points 18 hours ago (3 children)

Storing passwords in a password manager is storing a shared secret where you can only control the security on your end and thus is still vulnerable to theft in a breach, negligence on the part of the party you’ve shared it with, phishing, man in the middle potentially, etc.

Storing a passkey in a password manager on the other hand is storing an unshared secret that nobody but you has access to, doesn’t leave your device during use, is highly phishing resistant, can’t be mishandled by the sites you use it to connect to etc.

[–] smitty825@lemmy.world 1 points 15 hours ago (2 children)

Can you elaborate a bit more? If I create a passkey on https://passkeys.io on my Mac, then store the passkey in a password manager like Bitwarden, I can log into that site on my phone. I was kinda under the impression that Bitwarden stored the private key on their servers, so if their site gets hacked, then the attacker has access to my passkey.io account?

[–] EncryptKeeper@lemmy.world 1 points 8 hours ago

Bitwarden stores your passkeys on your local device. It can sync the passkey between devices but that’s end to end encrypted, bitwarden never has access to any of your passkeys or even your passwords.

[–] Spotlight7573@lemmy.world 1 points 15 hours ago

Your vault is encrypted on your device before it's sent to Bitwarden's servers, so even they don't have access to your passwords and passkeys.

More info on how it is encrypted is here:

https://bitwarden.com/help/what-encryption-is-used/

Pretty much every password manager works like this. Having access to your data would be a liability for them.

load more comments (5 replies)