- Big Tech has implemented passkeys in a way that locks users into their platforms rather than providing universal security
- Passkeys were developed to replace passwords for better account security, but their rollout by Apple and Google has limited their potential
- Proton Pass offers passkeys that are universal, easy to use, and available to everyone for improved online security and privacy.
Basically hardware keys (like YubiKey) without hardware
So…. Software keys…
a.k.a password-protected certificates
deleted by creator
Most in the crypto industry wouldn’t consider a hardware key that shares metal with an internet connected device to be a very safe hardware key though. Of course when your hardware key such as a ledger or yubikey is plugged into your computer, now it’s also sharing metal.
I think the industry needs a term to differentiate between all these categories of hardware wallets.
The best is an airgapped hardware wallet such as Keystone.
Oh, yes. Let’s listen to the crypto industry, that famous industry with no security breaches or frauds. We might as well ask for site design advice from restaurants that don’t put their hours or menu somewhere prominent on their site.
I’d like to think there’s a difference between the cryptography industry and the cryptocurrency industry
That’s probably what pisses me off the most about the cryptocurrency world. They somehow appropriated the word “crypto” to mean their internet money, instead of the meaning it had tracing back to World War 2, if not earlier.
The crypto industry has been perfecting key security for 10 years with huge financial incentive to do so.
Hacks and grifters are in every industry. It’s unrelated to a conversation about passkeys.
Let me know when the crypto community gets key security perfected so I can buy some glorified airplane points from a guy named catfucker88 or whatever. In the mean time, I’ll use normal cryptography libraries and leave the headassery to others.
Who hurt you?
A few extremely beautiful women but they got consent beforehand and I hold no grudges. If I’m honest with myself, I mostly enjoyed it.
Wtf are you talking about
If the key is in the same device that’s being used to access a protected resource over the network, the thing can be potentially be hacked and the key retrieved.
That’s why there are solutions were the key never leaves a secure hardware device, such as challenge-response authentication were a bank card’s smartchip is used to generate responses to the challenges (with the key never being outside the card) or keydongles that show a variable code, depending on time.
This is actually pretty old tech.