this post was submitted on 11 Nov 2025
290 points (87.6% liked)

Technology

76799 readers
5626 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
290
Passkeys Explained: The End of Passwords (sentientrant.com)
submitted 3 days ago by sentientRant@lemmy.world to c/technology@lemmy.world
232 comments fedilink hide all child comments
 

Passkeys are built on the FIDO2 standard (CTAP2 + WebAuthn standards). They remove the shared secret, stop phishing at the source, and make credential-stuffing useless.

But adoption is still low, and interoperability between Apple, Google, and Microsoft isn’t seamless.

I broke down how passkeys work, their strengths, and what’s still missing

you are viewing a single comment's thread
view the rest of the comments
[–] EncryptKeeper@lemmy.world 2 points 2 days ago (2 children)

There’s a hassle?

[–] kratoz29@lemmy.zip 1 points 1 day ago

I haven't even bothered into understanding what passkeys are (I know, I should check it out thoroughly) but I think that at its core it requires your phone, and as I like messing around with my hardware installing custom roms and rooting I suppose this method will be pursued by Google so, just as NFC payments, I don't give a single fuck about it 🤣

[–] JackbyDev@programming.dev 8 points 2 days ago (1 children)

Every time I was prompted to use one by plugging my phone in to my computer nothing happened. That was a little over a year ago.

[–] frezik@lemmy.blahaj.zone 5 points 2 days ago (1 children)

It's been a very seamless experience with Bitwarden. Pretty much "click passkey, now logged in".

[–] JackbyDev@programming.dev 3 points 2 days ago (1 children)

I mean when I was trying to set one up. I wasn't ever prompted to use a password manager. It just said to plug my phone into my computer. I did. And it didn't detect anything. With user experience in setup that poor I don't trust them yet.

[–] sonofearth@lemmy.world 1 points 2 days ago* (last edited 2 days ago) (1 children)

What are using lol? I have never been asked to plug in my phone to a computer. I have use Bitwarden and KeepassXC and also used my phone to scan the QR in chromium browsers for passkeys and it just worked in all the browsers flawlessly (even ungoogled chromium). I just want Linux Distros to allow setup a default password manager for the user and implement passkeys auth mechanism for the apps installed in the device.

[–] JackbyDev@programming.dev 1 points 1 day ago

I don't know what to tell you. Multiple sites and services asked if I wanted to set up a passkey, every time I got prompted to plug my phone in via USB, and nothing happened when I did. At no point in the process did it give me a QR code or ask me if I wanted to set one up through a password manager instead of a phone. I didn't do anything special or incorrect. I followed the normal prompts they gave me.