bdjegifjdvwMar 13

I love password based login

https://lemmy.world/post/44211348

Show threadKorne127Mar 14
Magic link only is the wirst kind of login systems. However, I don’t know any big real companies that use this.
If you don’t like passwords, just use passkeys.
Show threadlambaliciousMar 14
Wasn’t passkeys basically “passwords, but Google has control of them”?
Show threadnibblerMar 14
dont think so. what i gatherd passkeys is a public/private key scheme, much like pubkey auth in ssh logins.
Show threadBCsvenMar 14
Its still just a single factor if some body steals your private key.
Show threadGt5Mar 14
Yes, buts it’s not something that can be easily guessed or found on a post it on the monitor
Show threadBCsven

True dat. But if they compromise your computer the first thing the look for is key files.

Like my ssh keys are in a root permission file. Protected from general sight, but if somebody compromises my PC with a CVE on then goodbye keys.

At least with hardware key it is removable and requires a button press.

So accessing becomes physical access or quantum computer cracking

Mar 14 at 4:40pmWeb