Post AqAbQ4xpOt3Gr3zqjY by atoponce@fosstodon.org
Post #AqAbQ4xpOt3Gr3zqjY by atoponce@fosstodon.org
2025-01-16T10:51:58Z
1 like, 5 repeats
Hard pass. I will not use #passkeys and will tell my friends and family to do the same. So long as attestation is part of the WebAuthn spec, it allows companies to lock consumers into using specific passkey managers. It's exactly like streaming subscriptions. Attestation sets up the dystopia of a paid 1Password account for your email passkey, a paid LastPass account for your utility account passkey, a paid Bitwarden account for your health insurance, etc. #passwords https://www.ncsc.gov.uk/blog-post/passkeys-not-perfect-getting-better
Post #AqAdoVqxHKod6mYoDY by CjMalone@en.osm.town
2025-01-16T18:19:28Z
0 likes, 0 repeats
@feoh @atoponce only until they get blocked for putting your users first. https://github.com/keepassxreboot/keepassxc/issues/10407#issuecomment-1994182200
Post #AqAdoX6acguqzYsoE4 by m0xee@social.librem.one
2025-01-17T10:45:10Z
0 likes, 0 repeats
@CjMalone @feoh @atoponce And another one that is tangentially related, a certification requirement that enforces users having less control: https://github.com/keepassxreboot/keepassxc/issues/10406
Post #AqAu4sB7dk36FUogKG by idiot@shitposter.world
2025-01-17T13:47:29.997077Z
1 like, 1 repeat
@m0xee @atoponce Is this the same gigasperg spazzing out at the one password manager that allowed users to export passwords in plaintext because ERM CHUDDIE YOU CAN'T DO THAT USERS ARE DUMB STOP ENGAGING IN DOUBLE-PLUS UNGOOD THINK. Security whackos are wild.
Post #AqAxJtQzYJ2WLn5prM by m0xee@social.librem.one
2025-01-17T14:23:46Z
1 likes, 0 repeats
@idiot @atoponce Yep, it's the same person in both issues! One might think that passkeys solve old problems with fancy new cryptography, but in fact it's good olde public/private keypair authentication served under a different sauce, with vendor lock-in baked right in: phishing resistance is achieved solely through not being able to access the private key using normal means — otherwise the software you use to manage them won't pass the attestation. It's all marketing bullshit!
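The mechanics m0xee describes above (origin-bound keypair authentication, with attestation as a separate gate on which authenticator is accepted), as an added Python example that is not part of this thread or of any passkey manager: it parses a constructed WebAuthn authenticatorData blob and applies a relying-party policy; the rpId names, AAGUID values and credential id are placeholders, and the COSE public key that normally follows the credential id is omitted.

```python
import hashlib
import struct

# authenticatorData layout (WebAuthn Level 2, section 6.1):
#   rpIdHash (32) | flags (1) | signCount (4) | [AAGUID (16) | credIdLen (2) | credId | COSE key]
FLAG_UP, FLAG_UV, FLAG_AT = 0x01, 0x04, 0x40

# Constructed placeholder AAGUIDs standing in for two passkey-manager vendors.
VENDOR_A = bytes(range(16))
VENDOR_B = bytes(16)


def build_auth_data(rp_id, aaguid, cred_id, counter=1, flags=FLAG_UP | FLAG_UV | FLAG_AT):
    """Assemble constructed authenticatorData as an authenticator would for rp_id.
    The COSE public key is omitted; the parser below never reads it."""
    return (hashlib.sha256(rp_id.encode()).digest() + bytes([flags])
            + struct.pack(">I", counter) + aaguid
            + struct.pack(">H", len(cred_id)) + cred_id)


def parse_auth_data(data):
    """Split authenticatorData into its fixed header and, if AT is set, the attested credential."""
    rec = {"rpIdHash": data[:32], "flags": data[32],
           "signCount": struct.unpack(">I", data[33:37])[0],
           "aaguid": None, "credId": None}
    if rec["flags"] & FLAG_AT:
        rec["aaguid"] = data[37:53]
        n = struct.unpack(">H", data[53:55])[0]
        rec["credId"] = data[55:55 + n]
    return rec


def rp_accepts(data, expected_rp_id, allowed_aaguids=None):
    """Relying-party registration policy.
    Phishing resistance comes from the rpIdHash check: a credential created for a
    look-alike rpId never hashes to the genuine one. Restricting vendors is a separate,
    optional decision (an AAGUID allow-list); pass None to accept any authenticator."""
    rec = parse_auth_data(data)
    if rec["rpIdHash"] != hashlib.sha256(expected_rp_id.encode()).digest():
        return False, "rpId mismatch"
    if not rec["flags"] & FLAG_UP:
        return False, "no user presence"
    if allowed_aaguids is not None and rec["aaguid"] not in allowed_aaguids:
        return False, "authenticator not on allow-list"
    return True, "ok"
```

With `allowed_aaguids=None` the same credential registers regardless of which manager holds it; the moment an allow-list is configured, the user's choice of manager becomes a registration failure while the origin binding is unchanged.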