cross-posted from: https://lemmy.ml/post/1073275
Great explainer / FAQ
I’ll probably still use my Precursor and Yubikeys for the most part, but I’ll definitely enable Passkeys wherever they are an option
I’d be on board with Passkeys if there’s an open-source app to set, authenticate, back-up and restore passkeys between devices. I held off getting 2FA TOTP codes until I used andOTP.
…if you’re syncing passwords through a browser, a password manager, iCloud Keychain, or one of the Microsoft or Google equivalents, be aware that you are already trusting a cloud service
I don’t trust and don’t use any password manager services. I’m also wary of the single-device passkeys because I don’t like having a single point-of-failure to access to my accounts. I know password/recovery options can be used as fallback, but my adoption of this new tech will depend on these factors.
if you’re syncing passwords through a browser, a password manager, iCloud Keychain, or one of the Microsoft or Google equivalents, be aware that you are already trusting a cloud service
And this is a bullshit statement anyway.
I keep my passwords in KeepassXC and sync them with SyncThing; KeepasXC is absolutely a “password manager.” There’s no “trusting a cloud service” in there, anywhere.
Edit: 100% agree with you. I want proof that Google et al have no ownership of my identify before I use them.
