Theo - t3․gg
comments
Comments by @diadetediotedio6918 on "Passkeys: The Future Of Authentication" video.
This appears to have the exact same security level as using a password manager:
- You generate passwords for every website
- You rely on a tool to send and consume the authentication process
- You create a single weak point on the security chain that is you instead of the server (as you still have a unique password in the password manager)
4
@Skyb0rg The password manager can have phishing prevention as well by just checking the URLs for you, this is not a counter-argument.
2
@dealloc And he never said they invented it, he said they adopted it long ago, before it was even mainstream. Your hate for web3 should not blind you to what is being said.
1
@dealloc "figured out" = "invented it"? I think "figured out" can express "discovered a solution that most people don't use" or "had the idea to use it this specific way" perfectly.
1
@Skyb0rg But it is possible, my point was not about "the lowest safer password manager", it was about password managers in general and their best capabilities. A steelman of this argument would follow these lines: "A good password manager with phishing protections (for example by having an extension in the browser that checks the certificates and stores them when creating accounts) and good password protections (for example, that never shows the user their passwords, that generates strong and safer passwords, that keeps them encrypted all the time but on the act of login, that never repeats passwords, that associates passwords created with the sites they were created, etc) equates in security level to a passkey".
1
@LimitedWard Again, this is not a fair response to what I said.
1. The degree a password manager can mitigate this problem <is literally the same> as passkeys on the edge. If the problem is "the user will ignore the password manager" then the problem with passkeys is that the user "will ignore them" anyways. If your answer is "we will just force them by limiting their options" then the same thing can be applied to password managers.
2. The same goes for a password manager that generates random strong passwords for each single account you use them to create.
3. I fail to see how this is possible. If they are offline the possible detection mechanisms should be the same for a password manager and the passkey software.
For the last point, I can concede that passkeys have an advantage in this specific scenario where the password manager is stored in a local computer, but so does any kind of asymmetric encryption schema (unless you are talking about it in a very specific tone). The password manager could also be theoretically stored in a hardware device which ultimately would solve the same problem. And at the end of the day in both scenarios the hardware would then be the point of failure.
1