• chickentendrils [any, comrade/them]@hexbear.net
    link
    fedilink
    English
    arrow-up
    44
    ·
    8 months ago

    Who the fuck is putting cryptographic keys which can dispossess them of so much money on a phone to begin with?

    Let them bitch about a malicious app dev stealing it, at least they still have their thumbs.

    • someone [comrade/them, they/them]@hexbear.net
      link
      fedilink
      English
      arrow-up
      6
      ·
      8 months ago

      Who the fuck is putting cryptographic keys which can dispossess them of so much money on a phone to begin with?

      The same sorts of people who are enthusiastically embracing Google’s “Passkey” scam.

        • someone [comrade/them, they/them]@hexbear.net
          link
          fedilink
          English
          arrow-up
          10
          ·
          8 months ago

          Because it’s just a glorified password manager. But instead of your master password being kept securely in your head, your master password is now in the hands of Google or Apple or Microsoft.

          • blobjim [he/him]@hexbear.net
            link
            fedilink
            English
            arrow-up
            10
            ·
            edit-2
            8 months ago

            KeePassXC just today released support for storing passkeys in your own keepass database file. And they’re not just “glorified passwords”. They’re private keys that use challenge-response authentication so they’re never actually sent over the network. Harder to compromise.

            Using passkeys with some kind of personal database is ultimately an objective improvement over hodge podge username and password mechanisms, so they’re only going to continue being adopted further.

            The only case they don’t really work for is when you want to log in to a computer that doesn’t have access to your passkeys.