this post was submitted on 21 Dec 2024
103 points (97.2% liked)
technology
23383 readers
252 users here now
On the road to fully automated luxury gay space communism.
Spreading Linux propaganda since 2020
- Ways to run Microsoft/Adobe and more on Linux
- The Ultimate FOSS Guide For Android
- Great libre software on Windows
- Hey you, the lib still using Chrome. Read this post!
Rules:
- 1. Obviously abide by the sitewide code of conduct. Bigotry will be met with an immediate ban
- 2. This community is about technology. Offtopic is permitted as long as it is kept in the comment sections
- 3. Although this is not /c/libre, FOSS related posting is tolerated, and even welcome in the case of effort posts
- 4. We believe technology should be liberating. As such, avoid promoting proprietary and/or bourgeois technology
- 5. Explanatory posts to correct the potential mistakes a comrade made in a post of their own are allowed, as long as they remain respectful
- 6. No crypto (Bitcoin, NFT, etc.) speculation, unless it is purely informative and not too cringe
- 7. Absolutely no tech bro shit. If you have a good opinion of Silicon Valley billionaires please manifest yourself so we can ban you.
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I guess our tech overlords have determined that "Passkeys" are going to be the replacement and fix for this kind of multi-factor authentication hell. Should be nice once everything actually adopts and implements it well. Still need like an email-based password reset or something like that.
I really like GRC's Secure Quick Reliable Login (SQRL). It's older than most examples but basically just the open version of the prompt on your phone. Authentication requests are made for a specific domain and sent back to that domain only. So much more phishing resistance than has been typical, similar to passkeys. It's as seamless as scanning any QR code with a phone, or it integrates with a browser or local password manager/daemon. The prompts on the phone show you the unobfuscated domain name of what generated the QR code/auth request and if it's never been used before like a phishing site, it'll only offer user registration (usually with one-click).
The backups of your credentials are just QR codes and can be printed on standard printer paper.
It is used internally at a midsize organization for their internal systems authentication. Way less hassle than the Microsoft authenticator, no added hardware like a passkey.
Passkeys aren't added hardware. They're just private keys.