123
-=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- (c) WidthPadding Industries 1987 0|534|0 -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=- -=+=-
Socoder -> Off Topic -> Software Locks and Keys

Sat, 10 Aug 2024, 16:28
therevillsgames
So are passkeys the future? I must be missing something regarding the security of them, but if you're device is stolen doesn't that give them all your keys and all they have to do is unlock the device?
Sat, 10 Aug 2024, 16:28
Jayenkai
I've been grumbling about this sort of thing a lot, lately.

Our Doctors requires you to log in with your username and password, which the phone remembers, then it sends a 2FA code to the phone.
But I'm already trying to log in on my phone.
If someone has my phone.. ... They can still log in, and it won't change anything, because they'll get the 2FA code, too.

Same kinda thing.
It's all well and good having everything locked to a device, but then that device becomes more and more valuable to the right sort of thief.

-=-=-
''Load, Next List!''
Sat, 10 Aug 2024, 18:36
therevillsgames
Glad I'm not the only one that thinks this way

I dont have my phone remember usernames and passwords apart from Gmail... and I have a password manager on the phone (Bitwarden), so if anyone gets my device, first they need to unlock it, then to access my other credentials they then need to unlock Bitwarden...

With passkeys, my understanding is that the private key will be on the device, the client is on the device, and the client will automatically use the private key to log onto the services that are linked :?
Mon, 12 Aug 2024, 04:01
cyangames
I consider this 2FA to be current as opposed to the future, I don't consider it to be a great thing either, but it's one of those necessary measures to guard against malicious account access.

WinAuth is handy for 2FA stuff without a mobile phone also.

-=-=-
Web / Game Dev, occasionally finishes off coding games also!