this post was submitted on 28 Feb 2025
533 points (93.3% liked)

memes

12170 readers
2130 users here now

Community rules

1. Be civilNo trolling, bigotry or other insulting / annoying behaviour

2. No politicsThis is non-politics community. For political memes please go to [email protected]

3. No recent repostsCheck for reposts when posting a meme, you can only repost after 1 month

4. No botsNo bots without the express approval of the mods or the admins

5. No Spam/AdsNo advertisements or spam. This is an instance rule and the only way to live.

A collection of some classic Lemmy memes for your enjoyment

Sister communities

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
533
Take your passkey and shove it where the sun don't shine (lemmy.world)
submitted 2 days ago by [email protected] to c/[email protected]
167 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 13 points 2 days ago (1 children)

BitWarden has a desktop extension and it also handles 2FA. No reason to be using a password, which is way less secure and can be extracted from a website DB via a hack.

[–] [email protected] 4 points 2 days ago (2 children)

Doesn't the 2FA protect users still, if they only got the password?

[–] [email protected] 3 points 1 day ago (1 children)

In practice, yes. IF IMPLEMENTED PROPERLY it would be extremely unlikely for an attacker to get in.

For example with a proper implementation of TOTP it would require an attacker to guess the correct number between 1 and a million in less than a minute. Most services make you wait a little bit (often less than humans notice) between attempts and don't allow infinite attempts, so an attacker would have to be unimaginably lucky.

There are sadly lots of huge companies that DON'T IMPLEMENT 2FA PROPERLY. Sony Entertainment (account for PlayStation) for example. So a unique and long password is still important.

[–] [email protected] 2 points 1 day ago

TOTP can be phished remotely, passkeys / hardware security keys can't (need to get malware into the users' computer instead)

[–] [email protected] 0 points 1 day ago

It does, but not everyone sets up their 2fa, or uses the least secure forms. Then passwords get hacked, and those lists get shared so when the next hack comes along, they have that many more tools to try and break the encryption (assuming there is any) on a bigger site, compromising even more people.

It's a whole systemic shit bag. Passkeys were meant to solve a lot of these problems, and they would, but Big Tech is botching the execution in favor of yet another thing locking you into their ecosystem.