PassKeys seem like a bad idea. Google backs them up to the cloud, so if your Google account is compromised then all your private keys are compromised. I don't see how that's an improvement over password+2FA at all.

Now security keys I get; keep the private key on an airgapped device. That's good. Hell, I even keep my 2FA-OTP salts on a YubiKey.

#passkeys #fido2 #webauthn #yubikey #2fa #otp #authentication #cryptography #security #passwords #passkey #password #securityKey #google

The funniest part is that no matter how many security factors we use to replace passwords (two factor auth, passkeys, security keys, etc) there's always a backup that's just another password.

#twoFactorAuth #2fa #password #auth #authentication #security #passkeys #webauthn #fido2 #passkey #passwords

Where do you keep your two-factor auth backup codes?

#2fa #security #twoFactorAuth

text file on a physical device (usb stick): 31.3%
text file backed up to the cloud (google keep): 12.5%
piece of paper (sticky note): 50%
I don't (yolo): 6.3%

@schizanon I struggled with this a lot. I wanted to be able to recover my digital life if it's just me, standing alone, with none of my worldly possessions (house fire, luggage stolen, whatever).

Ultimately that means cloud. No way around it.

I minimized my risk by using a file-based password manager, and a separate, also encrypted, e2e sync service. Only I know the password to the file, but a close friend can help me get back into the sync service. (1/2)

The main risk vector would be a malicious payload to the password manager or other software on my computer. (2/2)