1·
8 hours agoThat sounds great, but also isn’t a solution for most people.
Brokkr
- 0 Posts
- 9 Comments
Joined 2 years ago
Cake day: July 17th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
It is not portable in the sense that you need bitwarden installed on the device you are trying to connect from.
Passwords can be plain text, which means I can copy, paste, and dictate them to a device that does not have additional software installed.
Not at all the same. I can type or dictate my passwords on any device with a keyboard. I am not reliant on an individual device continuing to work. In fact I could get all new devices tomorrow, with no access to any previous device, and log into all my accounts within minutes.
Passkeys do not allow, and specifically prevent, that.
They were surpassed by password managers and 2fa.
Oops, meant passkey manager, fixed it.
Sounds like a password manager would make that way easier. Changing your password would involve a few extra clicks. Also, you might want to check with your IT folks. Asking people to constantly change their password is a good way to weaken password strength. I don’t use docusign, but there is probably a setting that they can change.
Sure, they probably work great when you have your *passkey manager on the device, but that’s not when I need to have backup routes into my accounts. When using a new device, or someone else’s, having even a complicated password that can be typed or copied-pasted has way more functionality.
As far a I can tell, using passkeys would only risk locking me out of my accounts. Everyone else is already effectively locked out.
While the lock-in issue is annoying and a good reason not to adopt these, the device failure issue is a tech killer. Especially when I can use a password manager. This means I can remember two passwords (email and password manager), make them secure, and then always recover all my accounts.
Passkeys are a technology that were surpassed 10 years before their introduction and I believe the only reason they are being pushed is because security people think they are cool and tech companies would be delighted to lock you into their system.
Yes, you have to trust the company storing the passwords.
A good company can store passwords in ways that are secure to most hacking attempts. It isn’t impossible to break the encryption typically used, but it is difficult enough that most thieves will not have the resources or time to make use of the data. They want the low effort password databases, not the difficult and expensive ones.