this post was submitted on 11 Oct 2023
287 points (98.0% liked)

Technology

59454 readers
4277 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Passkey is some sort of specific unique key to a device allowing to use a pin on a device instead of the password. But which won't work on another device.

Now I don't know if that key can be stolen or not, or if it's really more secure or not, as people have really unsecure pins.

you are viewing a single comment's thread
view the rest of the comments
[–] darth_helmet@sh.itjust.works 8 points 1 year ago (10 children)

Use a yubikey, that doesn’t vendor-lock you to an OS ecosystem. They make one with nfc so it’s not a pain to use with your phone.

[–] russjr08@outpost.zeuslink.net 4 points 1 year ago (9 children)

I'm not sure if this is universal or specific to the last site I tried to use my Yubikey with as a passkey, but it only would allow it to be used as 2FA, not actual passwordless authentication.

I assume this is because Yubikeys don't create a secret for each individual website I suppose? Not exactly sure about that one.

[–] Companion1666@lemmy.world 1 points 1 year ago* (last edited 1 year ago) (2 children)

You can use Yubico keys as your passwordless logins. Both Google and Microsoft have this option.

[–] russjr08@outpost.zeuslink.net 1 points 1 year ago (1 children)

Strangely enough, Google lets me "add" my Yubikey as a passkey, but then does not let me sign in with it due to it not being "recognized". If I remove it as a passkey, and only use it as a 2FA token, attempt to sign in and use the "Enter your password" option, it will then let me use the key after I've entered my password as a second factor.

So it seems Google has removed the error (or its not triggering anymore) as they will have been one of the first sites I tried to create a passkey for, but it still does not let you use it as a passkey.

[–] Companion1666@lemmy.world 0 points 1 year ago

I haven't encountered this issue, yet. I'm using LibreWolf browser (v118.0) and tested logging in my Google and MS account passwordless. BTW, I have Yubico Security Key NFC (the blue one).

load more comments (6 replies)
load more comments (6 replies)