• sir_pronoun@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 month ago

    I’d be interested in a discussion of his points here :) those sound like valid points he’s making

    • asap@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      1 month ago

      Even in the best case scenario, where you’re using an iPhone and a Mac that are synced with Keychain Access via iCloud

      Surely the better-case scenario would be using a password manager?

      Without addressing the point of using a password manager (which everyone should be using), the article seems kind of irrelevant.

      • sir_pronoun@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 month ago

        But that is exactly what he recommends, using a password manager - with one time email authentication for the first login as an extra step, right?

        • asap@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          1 month ago

          edit: I think I’ve misunderstood the point of the article. In a non-obvious (to me at least) way, he is saying passkeys are dangerous for people without password managers, therefore for most people passwords are still better.

        • hedgehog@ttrpg.network
          link
          fedilink
          arrow-up
          0
          ·
          1 month ago

          But that is exactly what he recommends, using a password manager - with one time email authentication for the first login as an extra step, right?

          Nope.

          Using a cross-platform password manager with synced passkeys is different and much more secure than using a password manager with email TOTPs or sign-in links with emails that aren’t end-to-end encrypted.

          And password manager adoption is much higher than PGP keyserver adoption, and if you can’t discover someone’s public key you can’t use it to encrypt a message to them, so sending end-to-end encrypted emails with TOTPs/sign-on links isn’t a practical option.

          According to Statista, 34% of Americans used password managers in 2023 (a huge increase from 21% in 2022), so it’s not even like the best case scenario is rare.