Andrew CoutsNEW: Google today rolled out passkeys—the industry-wide tech that will replace passwords—to all accounts. It’s a big step toward replacing passwords, which are often insecure, altogether, @lhn reports (tip @Techmeme and @TechDesk) https://www.wired.com/story/google-passkey-password-replacement/
gillo@couts @lhn @Techmeme @TechDesk While optimal in concept, the full reliance on biometrics worries me. It has been reported that in many countries adversaries just took the phones and turned it towards the victim to unlock it with face biometrics. Of course, these are extreme cases and concern only people with a specific threat model, but it would still be good to mention it somewhere.
Adam I@aiannazzone @couts @lhn @Techmeme @TechDesk Precisely. And, a good reason to always switch the phones off before border controls. (Biometrics are disabled at restart)
@aiannazzone @couts @lhn @Techmeme @TechDesk Luckily it seems it works also with a pin. Hopefully a long one too.
Francesco Gianni@gillo @aiannazzone @couts @lhn @Techmeme @TechDesk
How is that better than password manager + 2FA?
I probably cannot see it, but if someone takes your phone it's easier to guess a PIN or crack bio than guessing a password manager password.
My guess is that they are trying to improve the situation for who is using weak passwords without a PM. Though I'm a bit scared about this "share access with QR code", how many people that won't send you a password will send you the screenshot of a QR?