this post was submitted on 11 Nov 2025
290 points (87.6% liked)

Technology

76799 readers
3193 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
290
Passkeys Explained: The End of Passwords (sentientrant.com)
submitted 3 days ago by sentientRant@lemmy.world to c/technology@lemmy.world
232 comments fedilink hide all child comments
 

Passkeys are built on the FIDO2 standard (CTAP2 + WebAuthn standards). They remove the shared secret, stop phishing at the source, and make credential-stuffing useless.

But adoption is still low, and interoperability between Apple, Google, and Microsoft isn’t seamless.

I broke down how passkeys work, their strengths, and what’s still missing

you are viewing a single comment's thread
view the rest of the comments
[–] Brokkr@lemmy.world 222 points 3 days ago (55 children)

While the lock-in issue is annoying and a good reason not to adopt these, the device failure issue is a tech killer. Especially when I can use a password manager. This means I can remember two passwords (email and password manager), make them secure, and then always recover all my accounts.

Passkeys are a technology that were surpassed 10 years before their introduction and I believe the only reason they are being pushed is because security people think they are cool and tech companies would be delighted to lock you into their system.

[–] cenzorrll@piefed.ca -1 points 3 days ago (6 children)

I've found a pretty good use for a passkey. Docusign. About every 3 months I need to docusign something at work. The process involves logging in, changing your password, logging in again, opening the document, logging in to sign, logging in to finish. The only steps you get to skip if there's more than one document is the initial log on, and changing password. So with a passkey I just touch it a bunch of times and there's no password change.

[–] Brokkr@lemmy.world 10 points 3 days ago (1 children)

Sounds like a password manager would make that way easier. Changing your password would involve a few extra clicks. Also, you might want to check with your IT folks. Asking people to constantly change their password is a good way to weaken password strength. I don't use docusign, but there is probably a setting that they can change.

[–] cenzorrll@piefed.ca 1 points 3 days ago

Oh, I agree, but I have to argue enough with professionals who know better as it is. I have to do it every day with recent PhDs as a BA who's been doing the job for 15 years. At this point it's not my problem if something happens. I have other things that affect me every day to fight about. I'll just continue cycling through my no repeats after 10 changes, 12 character passwords and using my yubikey for docusign for my own sanity.

load more comments (4 replies)
load more comments (52 replies)