In the latest episode of “they will always sell you out” - they sold you out! Who would’ve thought.
Hoping for a good alternative client to appear, the writing is on the wall. Vaultwarden can’t exist without “leeching” off of Bitwarden.
In the latest episode of “they will always sell you out” - they sold you out! Who would’ve thought.
Hoping for a good alternative client to appear, the writing is on the wall. Vaultwarden can’t exist without “leeching” off of Bitwarden.
Two articles behind a paywall, one that won’t load, and another article that says the big problem with passkeys is…people are unfamiliar with them.
If anyone tells you that Passkeys are bad, they’re a liar. Way more safe than passwords, full stop.
Just don’t let Microsoft or Apple tie them to your device. You don’t have to do that.
There is no full stop there… A password that is sufficiently long will never be cracked no matter the hashing algorithm in use. Passwords are easily transferrable and can be communicated to a third party in the event of an emergency. They also provide tunable security, where you can trade off security for convenience if you want.
Some (not all, I know) passkeys are tied to a device. Stolen device means stolen passkey, and it’s potentially very difficult to recover from that. Passkeys are also locked to a certain standard, passwords have no such restrictions.
Tbh I don’t understand the move for passkeys replacing passwords. They should become the second factor when a user wants additional security. They’re perfect for that niche.
Are you calling me a liar? That’s pretty weird; it’s not like I’m telling you to stick to passwords while I move to passkeys. With that said, though, get Bypass Paywalls Clean (Mozilla-only, as far as I know) and you’ll never see another paywall again. I forgot about having that.
The problem is that this is where it’s eventually going to lead to.
At the very least you’re misguided or don’t know what you’re talking about. Passkeys are not vendor locked in and of themselves.
You can make the same argument against password managers because most iPhone users that use them, use Apple’s one.
They will almost certainly lead to vendor lock in. Why do you think they won’t? Apple’s password manager is definitely an example of vendor lock in. Many others have a simple to use export feature to CSV or something that others can understand
Edit: it could be that you don’t know what the WebAuthn/FIDO2 specification says or we understand it differently? Do you know how the attestation mechanism works? That ties the key to a device of software authenticator (the software authenticator is likely going to tie it to the device somehow, possibly even via a TEE).
Not really, Vaultwarden/bitwa4den offer passkey support. When I log into a service a popup shows on my extension, I click it and I’m in. It’s not gonna lead to device locking if you don’t want to…