• Spotlight7573@lemmy.world
    link
    fedilink
    English
    arrow-up
    108
    ·
    3 months ago

    With a breach of this size, I think we’re officially at the point where the data about enough people is out there and knowledge based questions for security should be considered unsafe. We need to come up with different authentication methods.

        • Nurgus@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          3 months ago

          Indian accent: Hello, this is Microsoft support. Your private key is being hacked and you need to give it to us immediately for safe keeping.

          WCGW?

    • floofloof@lemmy.ca
      link
      fedilink
      English
      arrow-up
      29
      ·
      3 months ago

      We have different authentication methods. The hard bit is persuading people to use them.

      • Spotlight7573@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        3 months ago

        Before people can be persuaded to use them, we have to persuade or force the companies and sites to support them.

      • ag10n@lemmy.world
        link
        fedilink
        English
        arrow-up
        12
        ·
        edit-2
        3 months ago

        Tying a password to a browser or device isn’t going to make it any easier. Use a password manager and set unique string passwords for everything. If the app supports it, use FIDO physical keys instead of Passkeys

        • QuarterSwede@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          3 months ago

          … passkeys basically do all this without you having to know how. Your device /is/ the physical key and /you/ are the secondary auth. It honestly doesn’t get any easier for the user.

          • ag10n@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            3 months ago

            What options are there for migrating passkeys to a new device? Easy to lock you into that iPhone and you must use their migration tool when you upgrade. Or I just carry it on my keychain, no vendor lock in.

            • QuarterSwede@lemmy.world
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              3 months ago

              3rd party password managers are already adding passkey support. Passkeys isn’t an Apple only security technology. FIDO has its place but passkeys is the future for most people like it or not.

              • ag10n@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                3 months ago

                Do I need a subscription service for this passkey supported password manager? Or I can just buy a hardware key that can be used on my phone or any device, password manager supported or not. Seems like the freedom and portability of a physical key, like a key to your home or car makes a ton of sense.

                Passkeys are based on and supported by the FIDO alliance.

                https://fidoalliance.org/passkeys/

    • Uli@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      5
      ·
      3 months ago

      Pirate keys for sure. Not using one is just asking for a stranger to grab your booty.