cross-posted from: https://lemmy.ml/post/1073275

Great explainer / FAQ

I’ll probably still use my Precursor and Yubikeys for the most part, but I’ll definitely enable Passkeys wherever they are an option

  • Rentlar@lemmy.ca
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I’d be on board with Passkeys if there’s an open-source app to set, authenticate, back-up and restore passkeys between devices. I held off getting 2FA TOTP codes until I used andOTP.

    …if you’re syncing passwords through a browser, a password manager, iCloud Keychain, or one of the Microsoft or Google equivalents, be aware that you are already trusting a cloud service

    I don’t trust and don’t use any password manager services. I’m also wary of the single-device passkeys because I don’t like having a single point-of-failure to access to my accounts. I know password/recovery options can be used as fallback, but my adoption of this new tech will depend on these factors.

    • 𝕽𝖚𝖆𝖎𝖉𝖍𝖗𝖎𝖌𝖍@midwest.social
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      1 year ago

      if you’re syncing passwords through a browser, a password manager, iCloud Keychain, or one of the Microsoft or Google equivalents, be aware that you are already trusting a cloud service

      And this is a bullshit statement anyway.

      I keep my passwords in KeepassXC and sync them with SyncThing; KeepasXC is absolutely a “password manager.” There’s no “trusting a cloud service” in there, anywhere.

      Edit: 100% agree with you. I want proof that Google et al have no ownership of my identify before I use them.