Privacy

31606 readers

456 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

479

Bitwarden, Dashlane, 1Password and others have joined together to make passkeys portable (bitwarden.com)

submitted 2 days ago by soothing_salamander@lemmy.ml to c/privacy@lemmy.ml

65 comments fedilink hide all child comments

Looks like a huge amount of security vendors are working to have a secure and open standard for passkey portability between platforms.

It is always good to see major collaboration in the security space like this considering the harsh opinions that users of some of these vendors have toward many of the others. I just wish apps and sites would stop making me login with username and password if passkeys are meant to replace that lol.

you are viewing a single comment's thread
view the rest of the comments

[–] Ferk@lemmy.ml 2 points 3 hours ago* (last edited 2 hours ago) (1 children)

You share public keys when registering the passkey on a third party service, but for the portability of the keys to other password managers (what the article is about) the private ones do need to be transferred (that's the whole point of making them portable).

I think the phishing concerns are about attackers using this new portability feature to get a user (via phishing / social engineering) to export/move their passkeys to the attacker's store. The point is that portability shouldn't be so user-friendly / transparent that it becomes exploitable.

That said, I don't know if this new protocol makes things THAT easy to port (probably not?).

[–] Petter1@lemm.ee 1 points 1 hour ago* (last edited 1 hour ago)

Well, they made it very secure with the transfer of passwords /s

It felt so strange having a CSV file with all my passwords and 2FA secrets in plain text in my downloads folder..

Imagine if would not have used a encrypted partition, my passwords may still be on that disk…