• ChillPill@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    16 days ago

    Keepass? No cross device support, you need to manage that yourself through something like Google Drive…

    • ilmagico@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      16 days ago

      What do you mean “no cross device support”? KeePassXC supports Win, Mac, Linux and there are iOS and Android apps available…

      As for the lack of cloud and requirement to provide your own synchronization, for some (like me) that’s a feature, not a limitation :)

      • hedgehog@ttrpg.network
        link
        fedilink
        English
        arrow-up
        0
        ·
        16 days ago

        Do any of the iOS or Android apps support passkeys? I looked into this a couple days ago and didn’t find any that did. (KeePassXC does.)

        • ilmagico@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          16 days ago

          I don’t use passkeys so I don’t know. Maybe I should research into passkeys, what’s the benefit over plain old (long, randomly generated) passwords?

          • jqubed@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            16 days ago

            I’m no expert in this but the passkeys really on some sort of public key, cryptographic pair. Your device will only send your encrypted cryptographic secret when it gets the correct encrypted cryptographic secret from the destination. This makes it much harder to steal credentials with a fake website or other service.

          • ilmagico@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            edit-2
            16 days ago

            Ok, from a quick search, it seems passkeys rely on some trusted entity (your browser, OS, …) to authenticate you, so, yeah, I’m not sure if I like that. The FIDO alliance website is all about how easy, convenient and secure passkeys are, and nothing about how they actually work under the hood, which is another red flag for me.

            I’ll stick to old-fashioned, long, secure, randomly generated passwords, thanks.

            • deejay4am@lemmy.world
              link
              fedilink
              English
              arrow-up
              0
              ·
              16 days ago

              Passkeys rely on you holding a private key. The initial design was that a device (like a browser or computer/phone) stored the private key in a TPM-protected manner, but you can also store it in a password manager.

              This is more secure than a password because of the way private/public key encryption works. Your device receives a challenge encrypted with the public key, decrypts with the private key and then responds. The private key is never revealed, so if attackers get the public key they can’t do shit with it.

              Just be sure that your private key is safe (use a strong master password for your PM vault) and your passkey can’t be stolen by hacking of a website.

              • ilmagico@lemmy.world
                link
                fedilink
                English
                arrow-up
                0
                ·
                16 days ago

                I see, that makes sense and should be more secure, in theory. Thanks for the explanation.

                The issue I have is, whether I need to trust a third party with my private key, e.g. Google with Android, Microsoft with Windows, etc. (yes on linux it’s different, but that’s not my only OS).

                Also if the private key does get compromised (e.g. local malware steals it), hopefully there’s an easy way to revoke it.

    • solsangraal@lemmy.zip
      link
      fedilink
      English
      arrow-up
      0
      ·
      16 days ago

      lol that’s what i used before i switched to bitwarden-- didn’t have any complaints, but the database key file thing was kind of a pain