this post was submitted on 16 Sep 2025
462 points (98.3% liked)

Programmer Humor

26373 readers
1117 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
Feyter@programming.dev
anzo@programming.dev
BurningTurtle@programming.dev
pylapp@programming.dev
462
GitHub auth (lemmy.world)
submitted 1 day ago by skepller@lemmy.world to c/programmer_humor@programming.dev
27 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] RustyNova@lemmy.world 99 points 1 day ago (13 children)

I kinda hate the push towards passkeys. If you have two factor Auth, going to passkeys makes you go back to 1 factor, aka less secured.

There's also more and more 2FA fatigue attacks going on, and they can affect passkeys too, and if you don't have a 2FA that involves the user writing a code on the 2FA device, passkeys could be quite possibly worse than passwords

[–] YtA4QCam2A9j7EfTgHrH 20 points 1 day ago (2 children)

Yeah. Passkeys are something I would love if they were a second factor because they are so much better than any other 2fa. And I use my yubikeys as second factors where I can. But why the hell would I not want a password too?

[–] nialv7@lemmy.world 15 points 22 hours ago

Passkeys are always supposed to be protected by another layer of authentication. e.g. a password should be required to unlock the passkey. If your passkey don't do that, stop using it.

[–] jj4211@lemmy.world 7 points 22 hours ago

If I provide passkey support and still require a password, most users will get annoyed and not bother. If I provide it as a replacement for password, then I can get them onboard more often. I'd rather have them using passkey than sticking with password.

load more comments (10 replies)