• asap@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    1 month ago

    Even in the best case scenario, where you’re using an iPhone and a Mac that are synced with Keychain Access via iCloud

    Surely the better-case scenario would be using a password manager?

    Without addressing the point of using a password manager (which everyone should be using), the article seems kind of irrelevant.

    • sir_pronoun@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      But that is exactly what he recommends, using a password manager - with one time email authentication for the first login as an extra step, right?

      • asap@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        1 month ago

        edit: I think I’ve misunderstood the point of the article. In a non-obvious (to me at least) way, he is saying passkeys are dangerous for people without password managers, therefore for most people passwords are still better.

      • hedgehog@ttrpg.network
        link
        fedilink
        arrow-up
        0
        ·
        1 month ago

        But that is exactly what he recommends, using a password manager - with one time email authentication for the first login as an extra step, right?

        Nope.

        Using a cross-platform password manager with synced passkeys is different and much more secure than using a password manager with email TOTPs or sign-in links with emails that aren’t end-to-end encrypted.

        And password manager adoption is much higher than PGP keyserver adoption, and if you can’t discover someone’s public key you can’t use it to encrypt a message to them, so sending end-to-end encrypted emails with TOTPs/sign-on links isn’t a practical option.

        According to Statista, 34% of Americans used password managers in 2023 (a huge increase from 21% in 2022), so it’s not even like the best case scenario is rare.