this post was submitted on 28 Feb 2025
526 points (93.3% liked)

memes

12158 readers
2280 users here now

Community rules

1. Be civilNo trolling, bigotry or other insulting / annoying behaviour

2. No politicsThis is non-politics community. For political memes please go to !politicalmemes@lemmy.world

3. No recent repostsCheck for reposts when posting a meme, you can only repost after 1 month

4. No botsNo bots without the express approval of the mods or the admins

5. No Spam/AdsNo advertisements or spam. This is an instance rule and the only way to live.

A collection of some classic Lemmy memes for your enjoyment

Sister communities

founded 2 years ago
MODERATORS
Tenthrow@lemmy.world
The_Picard_Maneuver@lemmy.world
The_Picard_Maneuver@startrek.website
526
Take your passkey and shove it where the sun don't shine (lemmy.world)
submitted 2 days ago by cm0002@lemmy.world to c/memes@lemmy.world
160 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] bearboiblake@pawb.social 3 points 1 day ago* (last edited 1 day ago) (1 children)

yeah that's totally true, but usually modern devices ensure that the passkeys are protected with a PIN or some biometric security, so I think it's at least as strong as having a password manager on your device that can be unlocked with a PIN.

not really sure what you mean about "out of the ordinary" logins - it sounds like you're thinking about phishing risks? but remember - passkeys cannot be phished. they verify the identity of both sides of the authentication token exchange - the server verifies you, and you verify the server. If you only use passkey authentication, you are safe from being phished. the most secure system would be one entirely without passwords/oath totp

[–] Tiger@sh.itjust.works 1 points 20 hours ago

I guess I mean if people are too used to critical services opening up without any friction, a pause to complete some sign in step, they’ll stop taking a moment to look for any warning signs, so they might miss the fact that they’re at a spoofed url, for example. Yes you’re right that the passkey wouldn’t be working at this fake site, but it could still take them out and harvest some data, interactions or credentials.