• 0 Posts
  • 241 Comments
Joined 1 year ago
Cake day: June 5th, 2023
  • Boozilla@lemmy.worldtoTechnology@lemmy.worldPasswords have problems, but passkeys have moreEnglish
    3·
    23 days ago

    I’m not against passkeys. They have some real advantages. And I understand more than you think.

    My comment is primarily about the preferred ecosystems that tend to come along with these newer solutions (like Apple’s iCloud or Google’s Password Manager) and how the corporations take advantage of user laziness and bandwagon jumping.

    They may not force you to be exclusive with them, but they definitely want you to be. And over time they will likely make it more and more inconvenient not to be locked in with them.

    For contrast, I use BitWarden for password management and Bitwarden Authenticator for TOTP (and I keep safe copies of TOTP secret keys elsewhere). This is a generic open-standards-first approach to things, with relatively easy recovery should you lose something. You can export your passwords. You have copies of your secret keys. You are in no way locked in to BitWarden forever.

    Passkeys can also work within that type of operational framework! Like TOTP which normally uses RFC6238, Passkeys tend to use CTAP or WebAuthn. All of the above are open standards. And this is a good thing!

    But do you really think Apple, Google, Microsoft, etc, want to play nice long term? Hopefully they will. But I have also run into evil nonsense like LastPass, which even though they also used open standards, their software would not allow you to do simple things like recover your own secret keys, export your data, etc. (Not to mention the embarrassing security breach they had and the wretched response, the main reasons to dump them).

    While I am not directly comparing an idiot company like GoTo Tech with Apple et al, they all have the same types of big brain MBA types working for them who love to constantly brainstorm new ideas on how to screw the users over by taking features away and calling it a “software upgrade”.

    So, passkeys as a security mechanism: sure, this gets my vote. But trusting the big corporations not to change the rules on us later…come on, get real. They love limiting or removing portability and recovery options whenever they can.

    Bottom line: don’t assume passkeys are inherently good or bad. It’s simply a security standard that can work well if implemented correctly. Passkeys make logging in easier. But will they also make recovery / export / migration easier…? Because if it’s not easy, people won’t do it.

  • Boozilla@lemmy.worldtoTechnology@lemmy.worldPasswords have problems, but passkeys have moreEnglish
    164·
    23 days ago

    Whenever I read an article about security (and read the comments, even here on Lemmy) I’m constantly frustrated and depressed by a couple of things.

    1. Corporations making things shittier with the intention of locking customers in to their stupid proprietary ecosystem. And of course, they are always seeking more data harvesting. Security itself is way down the list of their priories, if it’s even there at all.

    2. Users being lazy trend-followers who quickly sacrifice their security on the altar of convenience and whatever shiny new FOMO thing is offered up for “better security”.

    It’s a very bad combination. Doing security right is a bit inconvenient (which users hate) and expensive (which corporations hate).

  • Boozilla@lemmy.worldtomemes@lemmy.worldBecause I'm lazyEnglish
    13·
    27 days ago

    Some call this Cunningham’s Law. It is remarkable how people will ignore a question, but trip over themselves to correct someone. Pedants are going to be pedantic (but may have a useful answer occasionally).

    The developers where I work sometimes use this trick on our users. When they can’t get a response from the users on a request for design input or feedback on something (which happens a lot) the devs will sometimes release some piece of garbage looking thing, and then the users will very quickly put in support cases with the requested info telling them the missing stuff, etc.

    Human nature is why we can’t have nice things.

  • Boozilla@lemmy.worldtoComic Strips@lemmy.worldInjuries at different ages [Extra Fabulous Comics]English
    401·
    29 days ago

    So many poor “design choices” in human anatomy. (Note, I know there’s no intelligent design).

    The optic nerve. External testicles. Lack of decent fur. The way some nerves and blood vessels are routed make zero sense. An immune system that often wants to kill you. The list goes on. I’m sure a biologist or medical person could add plenty more. Many animals have some of these traits, too. If some trait or process is just barely good enough, nature will chug along with it for millions of years. Nature is all about some redneck engineering.

  • Boozilla@lemmy.worldtoComic Strips@lemmy.worldLil VoidEnglish
    4·
    1 month ago

    DM: I’m sorry there’s really no good place to hide in here.

    Rogue: You know how good my stealth is. At least let me roll.

    DM: sighs Fine. But to make it all the way across the brightly illuminated room unseen, you we will need to roll 4 times, OK?

    Rogue:

    • Nat 20
    • Nat 20
    • Nat 20
    • Nat 20

    DM: Yeah, I’m going to need to see that d20.