https://nitter.net/axios/status/1712679556375601187

  • CarbonScored [any]
    ·
    edit-2
    1 year ago

    Every 'passwordless' solution to passwords always ends up being the informational equivalent of 'passwords, but the method is changed'. Biometrics are just a once-in-a-lifetime password that's entered differently, password managers are just all your passwords, but behind one big password.

    Even 2FA is just "password you know" and "password your device knows".

    Not saying these solutions don't have value, but to say passwords are outdated is a bit silly.

    • WayeeCool [comrade/them]
      ·
      edit-2
      1 year ago

      USB/NFC hardware keys are pretty good though, they are just the current form of smartcard hardware keys that have been around since the late 1990s for high security environments. If you worked for certain federal agencies or private sector companies, you might have used them. They are old technology at this point that has more recently been introduced into the consumer space as platforms and companies face backlash for constantly having security breaches.

      • CarbonScored [any]
        ·
        edit-2
        1 year ago

        I have used them (coincidentally, with Okta), and they are pretty neat! I actually choose to use them instead of a smartphone app where I can, because it's much faster to use. I'd recommend them to companies as a good measure.

        They are still effectively 2FA where it's just a lot harder to work out the proprietary system with which the password is encoded. So it is a sort of a 'security by obscurity', but the likelihood of someone going through all the work to disassemble your key and work it out with you noticing / before the key gets invalidated is pretty low, so unless you're protecting something super-duper high value (and assuming the manufacturer hasn't screwed up too badly), they'll do a good job.