/g/ - Technology

File: youknowwho.jpg (22 KB, 420x420)
>you WILL use the passkeys
>you WILL use Approved and Secure passkey managers
>you WILL use only Trusted Hardware
>you WILL use device attestation
>you WILL rely on the good graces of Google and Apple
>you will NOT use passwords
>you will NOT export your passkeys in any way
>you will NOT own your data
>you will NOT use dangerous open source password managers
>you will own NOTHING
>you WILL be happy
>>
>stop hitting yourself
>>
>>108782106
gay ass nigga
>>
God passkeys are fucking vile. My goddamn leftover HSA (healthequity) forced passkey login with no other option. I had to install their app and set one up on my phone just to finally fully drain my account so I could close it.

If I see mandatory passkeys going any further, I'm going to take the plunge and just develop a completely walled off setup with a "modern" computer and phone that I use for banking and whatever, and "old" computers and phone for everything else.
>>
>>108782106
but all of this is a choice and I don't do any of that
>>
>>108782491
Can you boomer larp? I routinely tell people "I can't. It's not possible. I'm not able to." When they ask me to set up any kind of app/passkey. You can just tell them you have a landline and no computer.
>>
Passkeys are good. Main problem is there's practically no service implementing them in a sane way as of yet. And you CAN use whatever manager you want for them, so I don't know what your problem is.
>>
>>108782106
even if they make smartphones mandatory I'll still refuse :)
>>
>>108784416
My grandparents get their OTPs through the post.
>>
File: Passkeys.png (34 KB, 683x281)
>>108782106
Our security agencies are telling us to use passkeys. I think it is for our benefit in this very dangerous and uncertain world. Our enemies are out to get us.
>>
they're convenient until you lose your phone and can't do any 2FA stuff
>>
>>108782106
What's wrong with passkeys?
>>
>>108786267
Vendor lock-in is the big one. You make a passkey for some important website like Health-inequity for your HSA, then you get a new phone and want to transfer your passkey over. Well, too bad, you can't.
>>
>>108782106
Passkey is literally 2fa but you're locked down into the software implementation by forcing you to already be signed in onto a different device, you can't even just use a custom made software to centralize your keys like with TOTPs. Why are morons and corpos shilling this sooo hard??
>>
>>108786267
TOTP is better, and it already exists (think of Authy, or Google Authenticator)
>>
>>108782491
>I had to install their app and set one up on my phone
what? Passkeys work with desktop password managers just fine
>>
>>108787112
Try transferring a passkey from your phone to a desktop password manager and tell us how "fine" it is.
>>
>>108787428
syncs just fine between my devices on Vaultwarden
>Passkeys are included in JSON exports generated by Bitwarden
>>
>>108787469
That's not transferring between programs. If you'd set the passkey up on your phone in the OS vault, you'd be saying something different.
>>
>>108782757
This works for now but it's only a matter of time until the boomers are dead and they can safely revoke it as an option.
>>
>>108786935
it's also a huge pain in the ass to transfer over TOTPs
I have not found a way to do it with Google Authenticator for example.
Every time I get a new phone I have to set up 20 new 2FAs, and pray I still have all the recovery codes
>>
Usecase for any auth beyond signing a message with your Monero or Bitcoin or whatever wallet?
>>
>>108787498
Indeed. Never ever use the OS authenticator for anything you want to transfer again.
For Android, use Aegis for TOTP instead.
>>
>>108787498
KeepassXC/DX?
>>
>>108787545
stupid advice. you need hardware totp. buy a yubikey or something similar.
>>
>>108787928
I am an iToddler
>>
>>108787959
No, I don't "need" anything other than a password. I certainly am not going to buy something that will actively make my life worse with daily humiliation rituals.
>>
>>108787959
software totp is perfectly fine for personal use
>>
>>108782106
>I don't understand SSH keys and I cry about it on 4chan
>>
>>108787428
i did, it was as easy as tapping "export" on keepassDX, and then "import" in KeepassXC.
>>
>>108788108
>implying SSH keys are locked in a hardware vault and can't be copied between devices
>>108788115
Cool story bro. Most people's passkeys are locked in their OS vaults and they can't do that.
>>
>>108788721
>waaa waaa I use Internet Explorer so that proves web browsers sucks

that's a you problem genius
>>
>>108788721
>>implying passkeys are locked in a hardware vault and can't be copied between devices
>>
>>108788765
Ok, genius. How do I export passkeys from an Android phone stored in the OS to KeepassXC on a desktop?
>>
>>108788917
see >>108788115
try to keep up, retard.
>>
>>108789078
The average normie already set up their passkeys with the default Android or iOS store, so it's too late for them to do that. What are they supposed to do now?
If I was ever forced to use passkeys on my phone for something, I'd use some FOSS app that allows exporting because I'm aware of the danger, but normies don't know any of that shit.
>>
>>108782106
Happiness doesn't exist and no, acting like a retard is not considered happiness.
>>
>>108789161
Normies don't need to export anything, if they want to log in they'll either create a new passkey in the OS vault on their new device or PC, or they'll login with a QR code.
It's just SSH keys with a normie-proof layer on top.
No phishing, no leaking, no reuse on multiple sites. Anyone against that is a moron.
>>
>>108787959
and use it for what? every fucking bank in my fucking country only supports sms or (((app))) 2FA on purpose
>>
>>108789243
still not buying a smartphone :)
>>
>>108787112
I have my passwords in my own Truecrypt+bash setup, so definitely that wouldn't work for me, first of all.

But, although I'm aware that the original, non-heinous passkey idea provided for the possibility of direct personal control, it was my understanding that *in practice*, *as implemented*, you're getting your passkey through either Google or Apple.

>>108786267
Passwords are a dead-simple "just works" thing that keep control of your accounts entirely in your hands. Passkeys are 1) yet one more glob of complexity thrown onto the system, another possible thing to go wrong that you'd have to rely on some faceless huge entity to fix; and 2) going to be administered by big tech companies, giving them control over whatever percentage of your online life has migrated to using passkeys. You know how if Google decides to unperson your gmail account, you suddenly can't do password resets or those increasingly common awful "lol we emailed you a code to log in" bullshit? If you are 100% passkeyed, Google can instantly cut off your access to all of your accounts.

>>108788108
Ok do you and that other guy know something I don't? When the HealthEquity subhumans told me I had to use a passkey, you're telling me I could have given them a key, added an entry to some sort of passkey config on my machine just like ssh config, and run some `passkey login healthequity.com` or something? I'd be ok with that, but that's obviously not what's going on.
>>
>>108790550
>If you are 100% passkeyed, Google can instantly cut off your access to all of your accounts.
that's ((their)) endgame
>>
>>108790550
>If you are 100% passkeyed, Google can instantly cut off your access to all of your accounts.
How? The passkeys are on my Yubikey.
>>
>>108791012
AND google made the one browser that makes that yubikey work everywhere
what's their endgame again?
>>
>>108790550
>Google can instantly cut off your access to all of your accounts.
This is false.
You can save your passkeys in any modern password manager, just like you would a password or an SSH key. There are 100% local and open source password managers like keepass.

You could even write a script to save it in your truecrypt volume instead.

You can also save your passkeys in your google or apple or microsoft account if you're a normie.
>>
>>108791229
My yubikey works on my Mac and on my Firefox.

>wuh google made a browser that can display jpeg muh i wont use jpeg muh
>>
>>108786935
>Vendor lock-in is the big one
You don't know what passkeys are
>then you get a new phone and want to transfer your passkey over. Well, too bad, you can't.
why are you obsessed with "transferring" passkeys? passkeys are not passwords that you have to remember, they are literally transparent to the user. it makes absolutely zero difference to you to use a new, different one.
>>108787097
>Passkey is literally 2fa
Every 2FA method is "literally 2FA". What a fucking useless thing to say that just serves to show everyone you know jack shit about the topic
>you're locked down into the software implementation
false
>forcing you to already be signed in onto a different device
unless you don't use a password manager or TOTP, this is a hypocritical double standard
>you can't even just use a custom made software to centralize your keys like with TOTPs
Not only is this false, but the same hypocrisy and double standard from the previous point apply too
>>108787108
>TOTP is better
TOTP literally protects you from FEWER attack types, retard
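
Added example, not part of any post in this thread: a relying-party check of a passkey (WebAuthn) assertion, showing why a signature produced on a look-alike origin is rejected, which is the "no phishing" property claimed above and the attack type a typed TOTP code does not cover. The site name, origins and key pair are constructed, and the browser and authenticator are simulated with Node.js built-ins.

```javascript
// Added example with constructed data; Node.js built-ins only.
const crypto = require('node:crypto');
const sha256 = (b) => crypto.createHash('sha256').update(b).digest();

const RP_ID = 'bank.example';              // hypothetical relying party
const RP_ORIGIN = 'https://bank.example';
// Registration: one key pair per RP ID; the site stores only the public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Simulated browser + authenticator. The browser, not the page, sets `origin`.
// A real authenticator would find no credential for a look-alike RP ID; this
// models the worst case where the same key signs anyway.
function authenticatorSign(origin, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // authenticatorData = rpIdHash (32) | flags (1: UP|UV) | signCount (4)
  const authData = Buffer.concat([
    sha256(new URL(origin).hostname), Buffer.from([0x05]), Buffer.from([0, 0, 0, 1])]);
  const signature = crypto.sign('sha256',
    Buffer.concat([authData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authData, signature };
}

// Relying-party side: every check must pass before the login is accepted.
function verifyAssertion(a, expectedChallenge) {
  const c = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (c.type !== 'webauthn.get') return 'bad type';
  if (c.challenge !== expectedChallenge.toString('base64url')) return 'challenge mismatch';
  if (c.origin !== RP_ORIGIN) return 'origin mismatch';
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpIdHash mismatch';
  if ((a.authData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}

function demo() {
  const challenge = crypto.randomBytes(32);          // issued by the real site
  const genuine = authenticatorSign(RP_ORIGIN, challenge);
  const relayed = authenticatorSign('https://bank-example.login.test', challenge);
  // Assertion from the look-alike origin with both origin fields rewritten afterwards.
  const rewritten = {
    clientDataJSON: genuine.clientDataJSON,
    authData: Buffer.concat([sha256(RP_ID), relayed.authData.subarray(32)]),
    signature: relayed.signature };
  return {
    genuine: verifyAssertion(genuine, challenge),
    relayed: verifyAssertion(relayed, challenge),
    rewritten: verifyAssertion(rewritten, challenge),
    stale: verifyAssertion(genuine, crypto.randomBytes(32)) };
}
console.log(demo());
```

The origin and RP ID hash are covered by the signature, so an assertion obtained on another origin fails either the origin check or, if the fields are edited afterwards, the signature check.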
>>
i actually don't mind passkeys, but the potential to completely lose access is scary

that said why are password managers such a fucking mess
>1Password
i currently use this, and i like it, but i can't justify the increasing costs, so i'm trying to move to something else
i like how you have two master passwords (recovery code etc)
i also appreciate how i can add my ssh keys and shit
>Bitwarden
does most of what I want, but i like to keep my TOTP together, and Bitwarden requires a subscription to even use them (even though they're completely local), still better that you can use it for free unlike 1Password
self hosting seems like a pain to setup though, if i had the resources to do it I would, but i can't at the moment (especially when I can't even justify a bitwarden subscription)
>KeepassXC
this would be great but since i use a mac & iphone, it just falls short for me
like i use a display link setup, so on startup it's hidden and there's no option to always keep it visible during 'screen capture' (this is just a minor grievance though)
there's no integrated safari browser extension, and since there's no 'official' ios app, the third party options are dodgy as fuck (plus they all have their own in-app subscriptions)
i don't mind not having some integrated cloud sync, since i can just store the .kdbx file in icloud or something
>Apple Passwords
it works, but it's just way too limited compared to other options
can add the TOTP and passkeys which is nice
but you have shit like not being able to modify the first website url of an item (you can add/remove additional ones, but not the first)
the actual security part to access your passwords seems so much worse too

at the end of the day, i know it's a terrible idea to put all my eggs in a single basket
but also the amount of websites that are completely inconsistent with their 2FA, either none at all, use email/SMS, or using something like 'steam guard' instead of using the standard implementation


