Clear out your password manager and switch to passkeys today. Experts warn most phishing attempts start with hacked login details, making passwords too vulnerable to hackers. Passkeys, like digital stamps, offer better security as they can't be stolen and only work on individual devices and cannot be hacked by anyone, including intelligence agencies.
>>108667664
No.
Intelligence agencies be like
>Use this thing! We totally can't hack it.
>>108667664
normoids need to stop treating their phones like some unhackable indestructible device, we're heading to 0-day apocalypse real quick
>>108667664
>Passkeys, like digital stamps, offer better security as they can't be stolen and only work on individual devices and cannot be hacked by anyone
this is unironically completely false, kek
>>108667664
we clearly need physical digital ID, no passwords, you just have microchip in your hand and a biometric reader on every device
You can only get it stolen if someone rips it out of your hand
>>108667664
I am good, snake oil salesman
pen and paper work just fine at my home
while you might get irrationally angry at the prospect of me not using your software or paying for it, I assure you even this will be just a fleeting memory given enough time
I urge you to direct your wondrous capabilities as a software cultivator and maintainer towards more productive enterprises
toodles
>>108667664
I'd use passkeys if gopass supported them
>>108667710hack my iphone nigga, i dare you. you roolly cant hack a 10 year old xiaomi remotely fucking poser
>>108667687
Right. And do not google hash collisions. Nothing to see there, really.
>>108667664
yes, stop using secure passwords and pesky 2fa. please start just using passkeys on your super secure phones. stop wasting brain space on passwords, put it all on those flash chips.
>>108668034
Hash collisions aren't an issue if the passwords are salted
I still don't understand what passkeys are. My password manager supports them but I don't know why I would use them over passwords
>>108667919
Based tinkerer.
>>108668443
Imagine it's like logging into Windows with your face. Except the face is a specific device.
Only people who can pass a foreskin verification should be allowed to post on the internet.
>>108668356There are no passwords. There are key pairs. Pairs are generated per user. Collisions are possible. Also ed25519 is backdoored by design. Therefore NSA/CIA/whatever would have access to everything, no problems with salty passwords anymore.Same in China and Russia, they just use their own version of compromised crypto. Pick your favorite color of Globohomo.
>>108668443
It's basically an SSH key for the web.
>>108668544
If you lose your device how fucked are you?
>>108668644
Aren't you using the Cloud(TM)?
>>108667664
This ain't new. Everyone knows passkeys like touch- and face- ID are way more secure than a word anyone can gain access to. Better yet stop bitching about e-ID because ID is how all other aspects of your life stay secure. Imagine if you relied on a password to verify your identity at the bank. You'd get robbed every single day lmao
>>108668731
I can't, I lost my phone and it was my connection to everything.
I'm sending this message through carrier pigeon. Send halp
>>108668852
The avian should be instructed to fetch the keys from a nearest cloud then.
>>108668644
Nothing ever happens because it would be tied to your phone anyways.
>>108667664
if the powers that shouldn't be tell me not to use passwords, I'll most definitely use passwords :)
>>108667664>Passkeys, like digital stamps, offer better security as they can't be stolenImagine actually being retarded enough to believe this
>>108667664>passkeysGo away, Schlomo!
>>108667664
Then you rely on 2FA authentication and what happens if some 'service' is down or hacked?
Keep your passwords on paper somewhere and that's that. If the security is compromised changing the way you login doesn't do shit anyway.
>>108669240See a penny, pick it up, all day long you'll have good luck. Dumb goyim don't even follow their own proverbs.
just link all your accounts to the (((passkeys))) linked in your (((google))) accountBTW your google account will be deleted if are suspected of antisemitism, islamophobia, or misogyny
There is literally no realistic solution for the password issue.
>>108669506
uuh passkeys duh
i'm trying sirs, i need more time!
>>108667664
But passkeys are stuck on the one device that you make them on
Also you still have to login with a fucking password to even create a passkey in the first place
You literally cannot go passwordless
>>108669804
It really depends. Sometimes you can login with nothing but a passkey. Other times you can just use a password instead, which makes the passkey pointless.
>But passkeys are stuck on the one device that you make them on
This is only a problem if the service only accepts one key, which apparently also happens.
>>108669506
DNA+Retina hash.
Hey, I like passkeys, but not every site uses them.
Besides, I still have 2FA even if a site doesn't (if a site doesn't have one or the other then that's bad security in this day and age).
My bank won't use passkeys or a standalone 2FA app (requiring me to still get text messages).
>>108668443
https://simple.wikipedia.org/wiki/Public-key_cryptography
>>108669841
I mean this: what if you want to login on another device that doesn't have a passkey yet? You always have to go back to using a password. Or what if you lose a device, then you also still need a password as an option to create the passkey
You can only get a passkey if you login with a password first. Doesn't matter that after that on that one device you can login with just a passkey, the password stays an option.
>>108667664
Plaintext passwords blend in better with the rest of the plaintext you have on your system.
With passkeys you stand out because you're basically being a try hard, so finding where your keys are stored is easy with data forensics.
>>108669859
My new bank requires their banking smartphone app to authenticate each and every internet banking login. In other words, the website is there and fully functional but you still need the app to be able to access it.
I still don't understand the difference between a password and passkey. Passkeys are longer aren't they? But I'm assuming you still have to unlock it with a password and not just leaving it out in the open? So what difference does it make whether I generate a 256 character password or use this passkey thing?
>>108669883
welcome to hell
are you in Europe?
>>108669867
>what if you want to login on another device that doesn't have a passkey yet? You always have to go back to using a password.
There are ways to use already authorised passkeys to authenticate logins on new devices, such as QR code auth. But, as with most things related to passkeys, it relies on implementation. I hear Microsoft is experimenting with fully passwordless accounts, but I've literally never seen it in the wild yet.
>Or what if you lose a device, then you also still need a password as an option to create the passkey
You'd probably use the standard account recovery options in that case. Or just have a backup passkey, which you should.
>>108669912
Of course. I have several accounts and they're all bullshit in some way. Revolut is the only one that does passkeys as far as I know, but they also require the phone app.
>>108669926
Backup passkey on what fucking device?
>>108667710>we're heading to 0-day apocalypse real quickI wish it would hurry up, people have a retarded faith that tech will never go away or fuck up so its totally safe to remove the back up paper option for everything and to pass out your ID to every site. Only once it has fucked up massively will they stop.
How do I secure the device that holds my passkey?
>>108669845
Can I use my anus?
>>108669966
Laptop, desktop PC, tablet, phone, hardware key/crypto wallet, homeserver etc. You don't just store your entire life in your phone, do you anon?
>>108669993
You can buy picrel and store it up your anus, definitely.
>>108670034
That means I have to have at least two devices with me whenever I'm away from home
>>108669893No difference, passkeys are just passwords that are stored in your OS's default backdoored keystore and can't be used if you try log in from a different device. It's security theater. >b-b-ut they prevent phishing attacksJust don't tell anybody your password FFS not even if John English Patel from Nigeria says it's important to fix your Microsoft.
>use this unstable piece of shit that doesn't work on Linux and has constant keystore errors on Windows or even macOS and requires (((google accounts))) on androidpasskeys are a meme, just use high-entropy random passwords and a totp on keepassxc if you want device-specific security
>>108668508
windows hello is fucking brain damaged and refuses to even STORE fido keys for websites on my install
>>108669883
eBay works that way.
>>108667664
>>108668443
>what are they
The name of the protocol is "WebAuthn", passkeys is the normietalk word, basically at its core elliptic curve key asymmetric cryptography authentication to make websites (or web-based services) authenticate, it's not that different from how you authenticate with SSH but for web.
>how do they work
In practice the website (or app?) uses an API to send a challenge (including the requester url set by the browser in such a way that it cannot be spoofed to prevent phishing) to the authenticator client (which might be a hardware key) then the client creates a signature and sends it back.
>what's good and what's bad
Most clients are and will be cloud and TPM based therefore completely locked down, but so are most existing TOTP clients to be fair, but just like TOTP you can also use an open client which you can use also on your computer and without TPM, in theory nothing prevents you from storing the secret keys in files.
So overall yet another security theater with the objective of taking away control from user, but if you're a power user you will easily be able to retain control so not the end of the world.
>>108668544
>ed25519 is backdoored by design
That's a big statement to make without any proof, if SSH keys were also compromised we'd know about it, so I have to call you schizo on this one.
>>108668791
>passkeys like touch- and face- ID
It's only tangentially related to that, mobile operating systems may or may not enforce that when signing, but at its core it's asymmetric cryptography authentication for the web.
>>108669506
There is no "password issue" in the first place, it's a made-up problem.
>>108669804
>>108669841
Technically you could use a WebAuthn/FIDO2 that stores the keys in a file, not inside the TPM, or even make your own client, then you could of course back it up.
>>108669883
It's same here, and that's the worst thing possible, passkeys would be unironically an improvement.
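
The challenge, browser-set origin and signature described in the post above, shown as an added example that is not part of the thread: a simplified relying-party check in Node.js. The host names, function names and the cut-down authenticatorData layout are assumptions for illustration; real WebAuthn carries CBOR/COSE-encoded keys and more fields.

```javascript
// Added example: simplified WebAuthn-style assertion check (not a complete implementation).
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Authenticator side. `origin` is written by the browser, not by the page's script.
function signAssertion(privateKey, rpId, challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // authenticatorData = SHA-256(rpId) || flags (UP|UV) || 4-byte signature counter
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x05, 0, 0, 0, 1])]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Relying-party side: returns 'ok' or the name of the first check that failed.
function verifyAssertion(publicKey, expected, a) {
  let client;
  try { client = JSON.parse(a.clientDataJSON.toString('utf8')); } catch { return 'bad-client-data'; }
  if (!client || client.type !== 'webauthn.get') return 'bad-type';
  if (client.challenge !== expected.challenge.toString('base64url')) return 'bad-challenge';
  if (client.origin !== expected.origin) return 'bad-origin';
  if (a.authenticatorData.length < 37) return 'bad-authdata';
  const rpIdHash = a.authenticatorData.subarray(0, 32);
  if (!crypto.timingSafeEqual(rpIdHash, sha256(expected.rpId))) return 'bad-rpid';
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad-signature';
}

function demo() {
  // Constructed values: bank.example and bank-login.example are placeholder hosts.
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const expected = { rpId: 'bank.example', origin: 'https://bank.example', challenge: crypto.randomBytes(32) };
  const good = signAssertion(privateKey, expected.rpId, expected.challenge, expected.origin);
  // Signature made while the browser was on a look-alike origin (a real browser
  // would also refuse this rpId there; the server check is the second layer).
  const relayed = signAssertion(privateKey, expected.rpId, expected.challenge, 'https://bank-login.example');
  // The same assertion with its origin field rewritten after signing.
  const edited = { ...JSON.parse(relayed.clientDataJSON.toString('utf8')), origin: expected.origin };
  const tampered = { ...relayed, clientDataJSON: Buffer.from(JSON.stringify(edited)) };
  const nextLogin = { ...expected, challenge: crypto.randomBytes(32) };
  return {
    good: verifyAssertion(publicKey, expected, good),
    relayed: verifyAssertion(publicKey, expected, relayed),
    tampered: verifyAssertion(publicKey, expected, tampered),
    replayed: verifyAssertion(publicKey, nextLogin, good),
  };
}

console.log(demo());
```

The origin sits inside the signed data, so a signature collected on another site fails the origin check, and editing the field afterwards fails the signature check.
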
>>108670034
I regret ever giving these fucks my email address. They got hacked and I got at least 10 fake trezor emails a week. I had to add a filter that just sends everything with the word trezor to spam.
>>108667664
No. I'm not going to do that.
>>108667664
>>108667822This, also pictures of your face, Rambseesh can't steal that, right?
>>108667822
>He doesn't realize that even yubikeys get their credentials stolen without ever having access to the device.
>>108670696
>So overall yet another security theater with the objective of taking away control from user, but if you're a power user you will easily be able to retain control so not the end of the world.
Until it all requires apps that require attestation phones like what banks do now
>>108667664
In the US, passkeys can be used by law enforcement without a warrant, whereas passwords are protected by the fifth amendment.
This is why they push them so suddenly, without most devices supporting them, without explaining how they work or why you need one.
>>108669993
I don't know, CAN YOU?
>>108669993can I use your anus? (if you are a woman)
>>108670696
>>ed25519 is backdoored by design
>That's a big statement to make without any proof, if SSH keys were also compromised we'd know about it, so I have to call you schizo on this one.
He might be confused with P-256 curve.
That was very likely backdoored, and it's not just schizos saying it but many serious academics.
I don't know the history of Curve25519 but unlike the P-256 curve it doesn't seem to get academics riled up.
So if you lose your phone you lose all your accounts.
Awesome.
>memorize favorite song chorus, throw in some random symbols
>use that long difficult to crack password as the main password for your keepass/bitwarden vault
>randomly generate long passwords for every site
It's a solved issue at this point, when AES 4096 is no longer secure I'll be long dead.
>>108672571
It will be no longer secure when Mythos is published.
>>108667664> intelligence agencies reportedly staffed by cock gobblers says a trusted source> 'these people who work here are constantly trying to gobble cock, they just can't stop. we have to keep telling them to return to their desks because they're in the bathroom gobbling cock again'
>>108667664
>use a passkey, they're locked to a device so they can't be stolen
>>108667710
This is why I don't keep anything of value on a smartphone, it's not a wallet, it's not a pass key, it's a fucking phone that can be hacked, lost or stolen. I keep all my PI on encrypted usb drives that need both passwords and keyfiles.
>>108673072
Ok but your phone is encrypted I'd hope.
>>108673090
What for, most 3 letter agencies have backdoors to smartphones these days, especially samsungs.
As I said, I use a smartphone as a phone and not computer.
Sure I can browse the web and download music video, but that is where it stops.
>>108673117
If a 3 letter agency wants to get you they will one way or another.
>>108672593
Two more weeks, right?
>>108673136
Don't have social media accounts so cops can arrest me for wrong think.
I don't care about this society enough to argue with fuckwits about the politics of the day. Take England for example, imagine getting arrested for a facebook post that was just shared post. People are getting 12 months in lockup for wrongthink.
>>108667664All glownigger agencies are equally guilty of allowing the foreign psyops campaigns to continue, if they cared, they would stop supporting foreign regimes performing cyberattacks against the west.They don't.Arguably, they're the ones that stand to gain the most out of almost everyone being scammed and an outcry demanding some kind of glownigger spyware to "fix it".
>>108673117
>What for
Encryption doesn't just prevent them from seeing what you do on it, it also prevents them from framing you by dropping cheezepizza.zip onto your phone with a USB cable. All encrypted partitions do this. To get around it, they would effectively have to format it and make it *their phone* or *their partition* and by that point it will be much harder to prove who it belongs to.
It's the equivalent of why you never let cops go through any compartment of your car with your permission during a stop. It takes 10 seconds for them to give themselves a raise by throwing a suspicious bag of sugar into the boot, and that's effectively it for you.
>>108673205
Checked, and will look into device encryption now anon.
I'm not into pedo shit or porn, but that doesn't mean one can't be framed for it.
Android and iPhone are encrypted by default.
>>108673226
Definitely do that, but also know that nobody fucking cares about you.
>>108673256
-until they do
>>108673256
>but also know that nobody fucking cares about you.
You cared enough to reply and give a (you) anon.