The FOMO-based businesses are preying on people with poor impulse control…which there is no shortage of in the nerd world.
When I recently upgraded my phone I was surprised how little got brought over automatically and how hard it was to migrate configurations. If it actually copies over all my preferences from old phone to new phone, then great. If it’s just logins then that’s not really useful.
Banana bread is super easy to make. The only reason I don’t make it more often is because it’s basically cake in disguise.
Out of curiosity, are any similar products actually good? My company uses Webex and frankly I’d rather use Teams.
I think they call them devops now.
Because social networks are only as good as the people who are on them.
If you want to roll your own with KeePass that’s fine, but most people will want a more comprehensive solution.
If you’re paranoid about this, go buy a YubiKey and use that to secure your device/access to your passkeys. Being able to secure your own data instead of relying on the admin who may or may not know what they’re doing to secure the server is an advantage of passkeys.
It’s really up to the end device (and the user of said device) to decide how much security to put around the local keys. But importantly, it also requires access to the device the passkeys are stored on which is a second factor. And notably many of the implementations of it require biometrics to unlock.
The “one password” thing is also true of password managers, of course. One thing about having one master passphrase is that if you do not have to remember 50 of them, then you can make that passphrase better than you otherwise might, plus it should be unique, which prevents one of the most common attack vectors.
If you’ve ever used ssh it’s very similar to how ssh keys work. You create a cryptographic key for the site; this is the passkey itself. When you go to “log in” the client and server exchange cryptographic challenges, which also verifies the site’s identity (so you can’t be phished…another site can’t pretend to be your bank, and there are no credentials to steal anyway). Keys are stored locally and are generally access restricted by various methods like PIN, passphrase, security key, OTP, etc. When you’re entering your PIN it’s how the OS has chosen to secure the key storage. But you’ve also already passed one of the security hurdles just by having access to that phone/computer. It is “something you have”.
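The challenge exchange and site-identity check described in the comment above, as an added example that is not part of the original comment. It assumes a toy RSA key in place of a real authenticator key pair, constructed `.example` origins, and hypothetical names (`authenticator_sign`, `RelyingParty`).

```python
import hashlib, json, secrets

# Toy RSA key from two fixed Mersenne primes: a stand-in for the authenticator's
# key pair. Assumption for this demo only; far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                          # public modulus, held by the site
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, stays on the device

def _digest(data: str) -> int:
    return int.from_bytes(hashlib.sha256(data.encode()).digest(), "big") % N

def authenticator_sign(challenge: str, origin: str) -> dict:
    """Device side: sign the challenge plus the origin the browser reports."""
    client_data = json.dumps({"challenge": challenge, "origin": origin}, sort_keys=True)
    return {"client_data": client_data, "sig": pow(_digest(client_data), D, N)}

class RelyingParty:
    """Site side: knows only the public key (N, E) and its own origin."""
    def __init__(self, origin: str):
        self.origin, self.pending = origin, set()

    def new_challenge(self) -> str:
        challenge = secrets.token_hex(16)
        self.pending.add(challenge)
        return challenge

    def verify(self, assertion: dict) -> bool:
        data = json.loads(assertion["client_data"])
        if data["challenge"] not in self.pending:
            return False  # unknown or already-used challenge (replay)
        self.pending.discard(data["challenge"])
        if data["origin"] != self.origin:
            return False  # signature was produced for a different site
        return pow(assertion["sig"], E, N) == _digest(assertion["client_data"])

def demo() -> dict:
    site, fake = "https://bank.example", "https://bank-login.example"  # constructed
    rp = RelyingParty(site)
    good = authenticator_sign(rp.new_challenge(), site)
    # A look-alike page relays a real challenge; the browser still reports its origin.
    relayed = authenticator_sign(rp.new_challenge(), fake)
    # Same, but the origin field is rewritten after signing.
    edited = authenticator_sign(rp.new_challenge(), fake)
    edited["client_data"] = edited["client_data"].replace(fake, site)
    return {"legit": rp.verify(good), "replay": rp.verify(good),
            "relayed": rp.verify(relayed), "edited": rp.verify(edited)}

if __name__ == "__main__":
    print(demo())
```

Only the first assertion verifies: the site rejects a reused challenge, a signature made for another origin, and client data altered after signing.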
Password managers are never going to hit anywhere near 100% adoption rate. It requires knowledge on the part of the user and in many cases money. No, grandma isn’t going to roll her own with KeePass. Most likely she’ll never even know what a password manager is. And as long as those users are still out there, admins still have to deal with all the problems they bring.
Incidentally I looked and it’s been over a decade since I started using my first password manager. They’re not that new.
You’re looking at this from the perspective of an educated end user. You’re pretty secure already from some common attack vectors. You’re also in the minority. Passkeys are largely about the health of the entire ecosystem. Not only do they protect against credentials being stolen, they also protect against phishing attacks because identity verification is built in. That is of huge value if you’re administering a site. Yes if everyone used a password manager there would be less value, but only about a third of users do that. And as an admin you can’t just say “well that guy got phished but it’s his own fault for not using a password manager.”
I do think that we need more standard procedures around what a reset/authorize new device looks like in a passkey world. There’s a lot about that process that just seems like it’s up to the implementer. But I don’t think that invalidates passkeys as a whole, and most people are going to have access to their mobile device for 2 factor no matter where they are.
Incidentally I have no idea who this is or whether his opinion should be lent more weight.
Did you try evolving them?
He didn’t bilk Tesla shareholders into his huge pay package because he doesn’t care about money.
There are a lot of subreddits for which there is no real replacement. Sometimes the strength in a community is the people. Doesn’t matter if reddit sucks if the people are there.
It seems like the new account deleter scripts replace all comments with random text rather than actually delete them, which I’m sure makes it harder for reddit to undelete.
A lot of subreddits have done that. The problem is nobody notices…
Pretty famous among FromSoft fans.
Web 3 was crypto scams, we’re up to web 6 or 7 by now