this post was submitted on 14 Feb 2024
253 points (89.4% liked)


Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing... that lives on my phone? What if I lose my phone? What if you steal my phone?

[–] 0nekoneko7@lemmy.world 2 points 2 years ago* (last edited 2 years ago) (2 children)

People are making things more complicated than they already are. I simply keep my passwords and passphrases inside my memory.

P.S. My password is not 'Password123456'

[–] LastYearsPumpkin@feddit.ch 35 points 2 years ago (3 children)

There's no way for the average person to keep up with remembering unique, strong passwords for all the sites that require them.

You either have to write it down, save it in a password manager, reuse passwords, or have simplified passwords or patterns.

[–] RippleEffect@lemm.ee 18 points 2 years ago

My vote is password manager. You can use 1 really good password for it and as many stupidly good passwords anywhere else since you're likely auto filling or pasting it in.

Just if you're using it locally, remember to take a backup.

[–] leftzero@lemmynsfw.com 1 points 2 years ago (1 children)

There's no way for the average person to keep up with remembering unique, strong passwords for all the sites that require them.

Passphrases with a simple formula to make them unique for each site.

You just have to remember the formula, you get a strong unique password for each site.

Easy and safe, and doesn't tie you to a single point of failure like a specific device or a password manager.

Add two factor authentication on top (with multiple options, of course, otherwise you'll get locked out once you inevitably lose the second authentication method), and you can even safely use it from third party devices which you don't want to remember how to access your accounts.

[–] subtext@lemmy.world 2 points 2 years ago* (last edited 2 years ago)

Except if your “formula” is to make your passwords

Twit-(password)-ter

…it’ll be exceedingly obvious if someone were able to get your password from Twitter and then credential stuff at any other website. That’s not real security.

Also a password manager doesn’t have to be a single point of failure. First of all, they have like 3 or 4 points of failure before they actually lose anything, and you can always make an export or go back to a pen and paper password journal if you really want to, to make an offline second point of failure.
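
The point made above about site-name formulas, as an added example that is not part of the original comment: a Python self-audit that checks whether your own passwords collapse to one shared core once the site name is stripped off, next to independently generated passwords of the kind a manager creates. The function names, the separator set and the sample vault are constructed for illustration.

```python
import secrets
from collections import defaultdict

SEPARATORS = "-_.:+ "  # assumed set of glue characters between site name and core


def core_after_site_affixes(site: str, password: str) -> str:
    """Strip the site name when it wraps the password as prefix + suffix
    (e.g. 'Twit' ... 'ter'); return what remains, separators trimmed."""
    s, p = site.lower(), password.lower()
    for cut in range(len(s) + 1):  # every way to split the site name in two
        head, tail = s[:cut], s[cut:]
        if len(p) >= len(s) and p.startswith(head) and p.endswith(tail):
            inner = password[len(head):len(password) - len(tail)]
            return inner.strip(SEPARATORS)
    return password  # site name is not used as an affix


def shared_cores(vault: dict[str, str]) -> dict[str, list[str]]:
    """Group sites by the core left after stripping; keep cores used on 2+ sites."""
    groups = defaultdict(list)
    for site, pw in vault.items():
        groups[core_after_site_affixes(site, pw)].append(site)
    return {core: sorted(sites) for core, sites in groups.items() if len(sites) > 1}


def manager_style_vault(sites: list[str]) -> dict[str, str]:
    """Independent random password per site, as a password manager would generate."""
    return {site: secrets.token_urlsafe(16) for site in sites}


# Constructed sample vault following the 'Twit-(password)-ter' formula from the thread.
FORMULA_VAULT = {
    "Twitter": "Twit-correcthorse-ter",
    "Github": "Git-correcthorse-hub",
    "Reddit": "Red-correcthorse-dit",
    "Bank": "v7#Qm2!xLp9@",  # one unrelated random password
}

if __name__ == "__main__":
    # Any shared core means one breached site exposes the pattern for the others.
    print("formula vault :", shared_cores(FORMULA_VAULT))
    print("manager vault :", shared_cores(manager_style_vault(list(FORMULA_VAULT))))
```
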

[–] Darkassassin07@lemmy.ca 3 points 2 years ago (2 children)

How do you remember 70+ different password+username combinations?

Or do you just re-use passwords....

[–] 0nekoneko7@lemmy.world 1 points 2 years ago* (last edited 2 years ago) (1 children)

I have a system of patterns for every new password. So I just have to remember the pattern of things (a pseudo algorithm) that I use to generate a new password. I won't say that it's uncrackable. But it works for me. And I don't think anyone cares enough to go after my passwords.

[–] Darkassassin07@lemmy.ca 2 points 2 years ago

The problem I have with a system like that is it doesn't account for leaked passwords/data breaches.

When you find one of those services has had a data breach and your password was compromised, you've now gotta adjust your mental algorithm to make an entirely different pattern, either for every site, or you've gotta remember each of the changes you've made for specific sites.

Long term it turns into a mess.

[–] 0nekoneko7@lemmy.world 1 points 2 years ago* (last edited 2 years ago)