PassKeys seem like a bad idea. Google backs them up to the cloud, so if your Google account is compromised then all your private keys are compromised. I don't see how that's an improvement over password+2FA at all.
Now security keys I get; keep the private key on an airgapped device. That's good. Hell I even keep my 2FA-OTP salts on a YubiKey.
#passkeys #fido2 #webauthn #yubikey #2fa #otp #authentication #cryptography #security #passwords #passkey #password #securityKey
🍄🌈🎮💻🚲🥓🎃💀🏴🛻🇺🇸 /
npub1j5…cjsn5
2024-05-03 01:42:09
Author Public Key
npub1j5203u6ym5cf89h0xm4feezxxvt9cf6jcdwtn3fvq9zw4rs54rqq6cjsn5Published at
2024-05-03 01:42:09Event JSON
{
"id": "672223ceaafe88774509aba5fb1d1dca9b846e70298776360c7ec254b25c266e",
"pubkey": "9514f8f344dd309396ef36ea9ce44633165c2752c35cb9c52c0144ea8e14a8c0",
"created_at": 1714700529,
"kind": 1,
"tags": [
[
"t",
"webauthn"
],
[
"t",
"passkeys"
],
[
"t",
"2fa"
],
[
"t",
"authentication"
],
[
"t",
"cryptography"
],
[
"t",
"security"
],
[
"t",
"yubikey"
],
[
"t",
"otp"
],
[
"t",
"fido2"
],
[
"t",
"securitykey"
],
[
"t",
"passkey"
],
[
"t",
"password"
],
[
"t",
"passwords"
],
[
"proxy",
"https://mastodon.social/users/schizanon/statuses/112374613924189825",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mastodon.social/users/schizanon/statuses/112374613924189825",
"pink.momostr"
]
],
"content": "PassKeys seem like a bad idea. Google backs them up to the cloud, so if your Google account is compromised then all your private keys are compromised. I don't see how that's an improvement over password+2FA at all.\n\nNow security keys I get; keep the private key on an airgapped device. That's good. Hell I even keep my 2FA-OTP salts on a YubiKey.\n\n#passkeys #fido2 #webauthn #yubikey #2fa #otp #authentication #cryptography #security #passwords #passkey #password #securityKey",
"sig": "ae695cdca835a8bd1c01d87238d78cc2b21a4aef6c39f152f20012ed96ee67e98a3d48453a1d68178756d76e83b28b7f69b4bced165c2af992514c0892f4d676"
}