Programmer Humor

26407 readers

555 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 2 years ago

MODERATORS

Feyter@programming.dev

anzo@programming.dev

BurningTurtle@programming.dev

pylapp@programming.dev

648

GitHub auth (infosec.pub)

submitted 2 days ago by skepller@lemmy.world to c/programmer_humor@programming.dev

68 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] rumba@lemmy.zip 9 points 1 day ago (4 children)

You can have more than one passkey.

You can still use password + 2fa

You can use google oauth.

You can use a YUBI key

You should probably have a primary and secondary auth for every site.

[–] 01189998819991197253 2 points 1 day ago (1 children)

So, losing a passkey isn't a lost account?

[–] rumba@lemmy.zip 1 points 1 day ago

Almost every company has some way to work around the 2FA loss.

[–] dai@lemmy.world 2 points 1 day ago (1 children)

I didn't know about the ability to use more than one passkey per platform. Something I'll have to investigate further.

[–] rumba@lemmy.zip 1 points 1 day ago (1 children)

Everybody does it differently. GitHub in particular allows multiple

If you are doing development or admin work, I would greatly advise you to pick up a Yubi Key.

My basic setup for any app/site that will allow it is two yubis and one passkey.

One yubi in the safe with next of kin instructions, one on my key ring.

Then any site that supports passkey, I'll also have one of those there too.

[–] dai@lemmy.world 1 points 5 hours ago

Yeah have been meaning to pick a few up but it's not been a top priority. Not really a developer more just a user that dabbles too much with a homelab while trying to be privacy & security conscious.

The cost alone is a bit of a hurdle with money going to life / house currently and another purchase of some silly computer thing will trigger her.

[–] MehBlah@lemmy.world 4 points 1 day ago (1 children)

Or just a password that is known to you and only you.

[–] rumba@lemmy.zip 1 points 1 day ago

Those are awfully dangerous on their own these days.

As soon as a poorly salted hash leaks or gasp, a hash with no salt, it's super easy to reverse those passwords now.

2FA severely reduces the danger of rainbow tables and keyloggers. The only real worry with 2FA is login replacement and interception. and passkey solves that, allbeit at the cost of complexity.

[–] Evotech@lemmy.world 2 points 1 day ago (1 children)

What’s the point of a passkey if you can still use a password

[–] rumba@lemmy.zip 3 points 1 day ago

password + 2FA AND/OR passkey required.

baby steps, start with getting them secure, then when most are ready start dropping the password
iron out the kinks, give all apps a chance to implement
if you only ever login with passkey and it asks you for 2fa, you can scrutinize the page more

You can tell just from the response on this post people aren't all ready for passkey yet, but you can't wait fo them to decide they're ready before you start.