• jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    edit-2
    1 year ago

    I prefer the yubikey webauthn fido2 non passkey approach. It’s not limited to 25 slots. And if your key gets compromised, or you’re forced to unlock it, there isn’t a list of sites that it works on.

    With passkeys, if somebody compromises you, physically, they can see everything you can log into. That makes me feel icky

    • tippl@lemmy.world
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      if somebody compromises you, physically, they can see everything you can log into

      Can they though? I own a few yubikeys with passkeys stored inside and i cannot query stored logins without entering a pin.

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        2
        ·
        1 year ago

        Right, so they coerce you to unlock the yubi key (threats, torture, finger removal, etc) and now they see all your passkeys and what they belong to. It’s a menu of your activity.

    • NaN@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      There are definitely pluses and minuses. It will lock you out after 8 incorrect pins so if it came down to it, you could probably force it to lock pretty quickly.