Mastodawn

rakekniven 👁️Feb 27

A survey for all users of the password manager #KeePassXC :
How many #Passkeys do you have already in your vault(s)?

Tagging #nextcloud as well as many users have their vault in their private cloud.

Please retoot.

Zero

53.8%

1 - 5

16%

5 - 20

7.7%

> 20

22.5%

Poll ended at Mar 6 at 10:42pm.

Show thread

pdl

@rakekniven I configured a passkey in Nextcloud, the passkey stored in KeepassXC. But:
- I cannot deactivate the login with password. Password authentication is configured with 2FA. This is a must-have (my opinion). The result: I login with passkey and have to complete the login with TOTP.
#Nextcloud #Passkey #Passkeys #keepassxC

Show thread

pdl Feb 28

@rakekniven The benefits of passkeys are
- convenience: Not when TOTP is required additionally.
- security: Not when password login cannot be disabled.
- phishing resistence: This is the only benefit remaining.

Disadvantages:
- full security benefit only with hardware token: complex management

I thought about securing my password database with a hardware token and leave my accounts with password/TOTP (where pssible). On Android I would have to change to KeepassDX.
#Passkey #KeepassXC