Is it really that easy to hack someone's Discord? Is it the same with: Telegram, Twitter, facebook ...ect ? and does this work if I'm accessing Discord through Firefox ?
https://lemmy.dbzer0.com/post/26547520
=> More informations about this toot | More toots from zaknenou@lemmy.dbzer0.com
Passkey is resistant to these attacks, but user adoption is not widespread enough for Discord to be able to mandate it.
=> More informations about this toot | More toots from xylogx@lemmy.world
What is wrong with good ol’ TOTP & FIDO2?
=> More informations about this toot | More toots from toastal@lemmy.ml
Passkey is FIDO2.
=> More informations about this toot | More toots from xylogx@lemmy.world
Based on FIDO Alliance and W3C standards, passkeys replace passwords with cryptographic key pairs. These key pairs profoundly improve security.
– developer.apple.com/passkeys/
Based on FIDO2/WebAuthn but unlike them, passkeys are those things Apple & Google have been pushing that live on their servers + one specific device in its secure enclave you as as a user aren’t allowed to look into. FIDO2 is usually tied to some USB security token.
=> More informations about this toot | More toots from toastal@lemmy.ml
you can still use a yubikey or even a password manager like keepassxc with passkeys, no need for any google/apple or even secure enclave.
=> More informations about this toot | More toots from gibson@sopuli.xyz
These passkeys want to be unique per site/services & many hardware tokens only have a handful of slots for storage which means such dedicated don’t really work & storing them on say your laptop with your other passwords probably isn’t ideal with Keypass. Many security experts don’t see the advantage over a good hardware token + unique password. Like Big Tech trying to reinvent XMPP with RCS, I feel they are trying to do the same with passkeys so they benefit them.
=> More informations about this toot | More toots from toastal@lemmy.ml This content has been proxied by September (3851b).Proxy Information
text/gemini