- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Passkeys are an easy and secure alternative to traditional passwords that can help prevent phishing attacks and make your online experience smoother and safer.
Unfortunately, Big Tech’s rollout of this technology prioritized using passkeys to lock people into their walled gardens over providing universal security for everyone (you have to use their platform, which often does not work across all platforms). And many password managers only support passkeys on specific platforms or provide them with paid plans, meaning you only get to reap passkeys’ security benefits if you can afford them.
They’ve reimagined passkeys, helping them reach their full potential as free, universal, and open-source tech. They have made online privacy and security accessible to everyone, regardless of what device you use or your ability to pay.
I’m still a paying customer of Bitwarden as Proton Pass was up to now still not doing everything, but this may make me re-evaluate using Proton Pass as I’m also a paying customer of Proton Pass. It certainly looks like Proton Pass is advancing at quite a pace, and Proton has already built up a good reputation for private e-mail and an excellent VPN client.
Proton is also the ONLY passkey provider that I’ve seen allowing you to store, share, and export passkeys just like you can with passwords!
See https://proton.me/blog/proton-pass-passkeys
#technology #passkeys #security #ProtonPass #opensource
Has anyone used pass keys? I have been hesitant to try them out. Using them, do they basically keep you logged in all the time to a given site?
I’ve had them since 1Password beta. They do not change the duration of a session unless the service opts to. In the case of google they ask me to log in more often, presumably because there’s less friction, so why not?
Only for a test, I do not see myself switching to passkeys any time soon, using KeePass is fine in my use case. If there would be some site for which I would need to authenticate every day I would probably create a passkey on device itself (Windows Hello or Google Password manager) since authentication speed increase is undeniable.
Only authentication method changes, there should be no difference after you sign-in, how long sign-in is kept still depends on site owner.
There are various sites to test authentication experience, here’s one where you can test it with dummy account and no registration https://webauthn.io/. It is pretty cool, but you need to create a passkey for every site on all devices to fully utilize their potential.
I use passkeys for some sites, but have been reluctant to go all in until I’m sure all my devices can support them. I’m not always going to have my desktop with me, and likewise my phone’s battery can be flat, etc. I’ve always wanted passkeys to first sync across all my devices, and ideally to be exportable and brought into a different service. Right now you can export your 900+ passwords, and import them into a different service if you want to move. You can’t do that with Apple or Google passkeys.