Post AVQdkMFhzON3VtQMuO by adam@hax0rbana.social
Post #AVHuOJR9j3yVD1DH3w by Newmy@writing.exchange
2023-05-03T13:26:55Z
1 likes, 0 repeats
It is genuinely baffling how much discussion of passkeys omits the extremely basic question of WHAT HAPPENS IF YOU LOSE YOUR PHONE https://www.theverge.com/2023/5/3/23709318/google-accounts-passkey-support-password-2fa-fido-security-phishing
Post #AVHuOK5vHUaJFSHpbc by AIaYYAle4i1uKmKpqy.gme@bofh.social
2023-05-03T19:39:49.316472Z
0 likes, 0 repeats
@Newmy Or even worse, what happens when Google decides to delete your account and everything you’ve uploaded with it because their ML algorithms incorrectly flagged that photo of your baby that your pediatrician asked you to take as CSAM and reported you to the police who took one look at the photo and realized, “It’s a picture of a fathers’ baby taking a bath, why is Google wasting our time?” Only for Google to tell you “tough shit all your bases belong to us”.
Post #AVHuOLBHF4SgcLncae by Newmy@writing.exchange
2023-05-03T13:29:09Z
1 likes, 0 repeats
Even Google's own documentation just completely punts on the question. "I lost my device." "No problem! Just sign into your device."
Post #AVHuOMw6iRW23siXDs by Newmy@writing.exchange
2023-05-03T13:32:39Z
1 likes, 0 repeats
Like, I'm a nerd, I get it, the idea is you use your computer or whatever to deauthorize the lost phone and set up a new one.
But, A) Some people's only device is a phone B) It's not impossible for all your devices to get lost/stolen at once C) The whole concept is strange and new and needs to be explained in the clearest possible terms and not just, like, "You hate passwords so get rid of them! It'll be great!"
Post #AVHuOOnfmlxPqImpM0 by Newmy@writing.exchange
2023-05-03T14:02:40Z
0 likes, 0 repeats
Here's Google's big passkey announcement post, where they also completely fail to explain what happens if you lose your phone - https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/
Post #AVHuOQY9HSjBGjXSQy by Newmy@writing.exchange
2023-05-03T17:55:45Z
0 likes, 0 repeats
I'm almost certainly writing about this in next week's newsletter btw. If I do it won't be paywalled. Free sign-up form's at the bottom! https://advisorator.com/members/2023/05/02/5-2-2023-try-these-email-apps-2/
Post #AVHx1dhEXHWlFCc5xo by cwebber@octodon.social
2023-05-03T17:38:25Z
0 likes, 0 repeats
@Newmy and also, can you use passkeys with a device where you can replace the operating system?
The most troubling thing about this to me is that it looks like a path for Google and etc to start dictating the host OS + hardware lockdown of the system you run.
For all the shittiness there was in the web 2.0 era, at least nobody could tell you what OS to use when logging into a site.
Post #AVHx1ePtrDFxTjVlaK by Newmy@writing.exchange
2023-05-03T17:40:47Z
0 likes, 1 repeats
@cwebber Oh, don't even get me started on how passkeys are a mechanism for platform lock-in. Ask the big passwordless backers how to switch ecosystems and they're all like "Uh ... we'll figure it out later, maybe?"
Post #AVHx2ZD6hRtLcYxr3g by ParadeGrotesque@mastodon.sdf.org
2023-05-03T20:09:32Z
0 likes, 0 repeats
@Newmy @cwebber "Maybe"
Post #AVQagoG3chojLnChrk by adam@hax0rbana.social
2023-05-08T00:11:26Z
0 likes, 0 repeats
@Newmy
You can log in with another FIDO2 device, or
You restore your FIDO2 device from a backup (some devices have supported this for years), or
You log in with your password, or
It's the same process as you would go through now if you forget your password.
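The "log in with another FIDO2 device" fallback above, and the "deauthorize the lost phone" step from earlier in the thread, both rest on one relying-party design choice: an account stores one public key per enrolled authenticator, and any of them can answer a login challenge. The following is an added illustration written for this page, not code from any poster or from the FIDO2/WebAuthn specifications. It simulates two authenticators (a phone and a backup security key, both constructed in the code) with P-256 ECDSA keys, enrols both on one account, revokes the lost phone, and shows that the backup key still logs in while the revoked phone, a replayed assertion, and an assertion signed for a different site are all rejected. The signed data is a simplified hash over the relying-party ID, challenge and signature counter; real WebAuthn signs authenticator data plus a client-data hash, but the property demonstrated is the same.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Authenticator stands in for one FIDO2 device (a phone, a security key).
// The private key is generated on the device and never leaves it.
type Authenticator struct {
	Name         string
	CredentialID string
	priv         *ecdsa.PrivateKey
	counter      uint32 // signature counter, incremented on every assertion
}

func NewAuthenticator(name string) *Authenticator {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	id := make([]byte, 16)
	if _, err := rand.Read(id); err != nil {
		panic(err)
	}
	return &Authenticator{Name: name, CredentialID: hex.EncodeToString(id), priv: priv}
}

// Assertion is the authenticator's answer to a login challenge.
type Assertion struct {
	CredentialID string
	Counter      uint32
	Signature    []byte // ASN.1 DER ECDSA signature over assertionDigest
}

// Sign answers a challenge for one relying party. Binding rpID into the signed
// data is what stops an assertion obtained by a phishing site from being
// replayed against the real site (simplified: hash of rpID, challenge, counter).
func (a *Authenticator) Sign(rpID string, challenge []byte) Assertion {
	a.counter++
	sig, err := ecdsa.SignASN1(rand.Reader, a.priv, assertionDigest(rpID, challenge, a.counter))
	if err != nil {
		panic(err)
	}
	return Assertion{CredentialID: a.CredentialID, Counter: a.counter, Signature: sig}
}

func assertionDigest(rpID string, challenge []byte, counter uint32) []byte {
	var ctr [4]byte
	binary.BigEndian.PutUint32(ctr[:], counter)
	h := sha256.New()
	h.Write([]byte(rpID))
	h.Write(challenge)
	h.Write(ctr[:])
	return h.Sum(nil)
}

// storedCredential is all the relying party keeps per enrolled device:
// the public key and the last counter seen. Nothing here lets anyone log in.
type storedCredential struct {
	pub     *ecdsa.PublicKey
	counter uint32
}

// Account is the relying-party side of one user account.
type Account struct {
	rpID        string
	credentials map[string]*storedCredential
}

func NewAccount(rpID string) *Account {
	return &Account{rpID: rpID, credentials: map[string]*storedCredential{}}
}

// Register enrols one more authenticator; a second device is what makes a lost phone survivable.
func (acct *Account) Register(a *Authenticator) {
	acct.credentials[a.CredentialID] = &storedCredential{pub: &a.priv.PublicKey}
}

// Revoke is the "deauthorize the lost phone" step, done from a device that is still logged in.
func (acct *Account) Revoke(credentialID string) bool {
	if _, ok := acct.credentials[credentialID]; !ok {
		return false
	}
	delete(acct.credentials, credentialID)
	return true
}

// NewChallenge returns a fresh random challenge for one login attempt.
func (acct *Account) NewChallenge() []byte {
	ch := make([]byte, 32)
	if _, err := rand.Read(ch); err != nil {
		panic(err)
	}
	return ch
}

// Verify accepts an assertion from any still-enrolled authenticator and rejects
// revoked credentials, replays (counter not increasing) and other-site signatures.
func (acct *Account) Verify(challenge []byte, as Assertion) error {
	c, ok := acct.credentials[as.CredentialID]
	if !ok {
		return errors.New("unknown or revoked credential")
	}
	if as.Counter <= c.counter {
		return errors.New("signature counter did not increase (replay or cloned authenticator)")
	}
	if !ecdsa.VerifyASN1(c.pub, assertionDigest(acct.rpID, challenge, as.Counter), as.Signature) {
		return errors.New("signature does not verify for this relying party")
	}
	c.counter = as.Counter
	return nil
}

func main() {
	acct := NewAccount("example.com") // constructed relying party
	phone, key := NewAuthenticator("phone"), NewAuthenticator("backup security key")
	acct.Register(phone)
	acct.Register(key)
	ch := acct.NewChallenge()
	fmt.Println("phone login:", acct.Verify(ch, phone.Sign("example.com", ch)))
	acct.Revoke(phone.CredentialID) // phone is lost: revoke it from another device
	ch = acct.NewChallenge()
	fmt.Println("lost phone login:", acct.Verify(ch, phone.Sign("example.com", ch)))
	fmt.Println("backup key login:", acct.Verify(ch, key.Sign("example.com", ch)))
}
```

The point for the "only device is a phone" objection is visible in the data model: once the phone's credential is deleted, the account can only be reached through whatever other credential or recovery path was enrolled beforehand, so the second authenticator (or a password/recovery flow) has to exist before the loss, not after it.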
Post #AVQb9RTZPCIf5iB3rM by adam@hax0rbana.social
2023-05-08T00:16:38Z
0 likes, 0 repeats
@cwebber I've been using FIDO2 (which big tech is trying to rebrand as passkeys, but they're literally the same thing) for a few years now.
It's an open standard, so there's no restriction on what vendor you can use. Some people use Yubikey brand, others NitroKey, others use Trezor, and there are still more to choose from.
I'm not a fan of Google or the other silicon valley companies, but I am a fan of open standards, preventing vendor lock in, and improving security, so I ❤️ FIDO2.
@Newmy
Post #AVQcoDaI3ho3pmKOzQ by Newmy@writing.exchange
2023-05-08T00:35:08Z
0 likes, 0 repeats
@adam How can non-technical people find out what a Fido 2 device is (besides hardware security keys, which they will not use)? What happens when passwords are eventually removed from the system? Where is this being documented by major tech firms like Google?
Post #AVQdkMFhzON3VtQMuO by adam@hax0rbana.social
2023-05-08T00:45:42Z
0 likes, 0 repeats
@Newmy I don't know if Google plans to remove passwords or what they document.
If people feel Google's abrupt changes, sunsetting things with little notice and lack of documentation are compelling reasons to abandon their services, please do so.
If you want to use passwords forever instead of using FIDO2, you should have that right.
For those of us who want stronger security, and not have to mess around with passwords & 2FA, we should be able to have that.
Everyone can win!