do people here use passkey to log-in?


the grey cat

1747236214806.webp
this wasn't here before and was added early this year. does it actually work or is it just there for decoration?
 
No. No, man. Shit no, man. I believe you'd get your ass kicked logging in like that, man.

Like any good semi-autist, I have one base password, to which I attach a few different number/symbol endings, depending on the importance of the login. So I don't remember my exact KF pass but know it's one of a couple tard-tier options. Then for bank stuff, I know it's one of a few more secure ones.

I'm basically a human password manager that takes a couple tries.
 
I do pretty much the same but I recommend using a different base password for different emails/usernames to avoid potentially tying identities together.
 
Proton Pass. Went there when I signed up because they were the recommended email provider. Found that they had the least horrible password manager. (I've tried LastPass, Bitwarden and KeePassXC. Prefer Proton Pass to all of them.)
 
Danger: passkeys have very good security characteristics but they are keyed on the domain so if the domain changes again you would be fucked if you didn't have a recovery code. For me, user, pass + totp is good enough. Passkeys are for your high value things such as your email account or password manager.

If you do want to use passkeys, consider using one of the newer Yubikeys that supports them as opposed to your spyware cloud accounts like iCloud/Microsoft, or Tim Cook will know where you shitpost.
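The domain binding mentioned in the post above, sketched as an added example (not part of the thread or of any site's code): WebAuthn authenticator data begins with the SHA-256 hash of the relying party ID, so a credential registered under one domain fails verification under another. The domain names are constructed placeholders, the helper names are hypothetical, and the origin rule is simplified (real browsers also reject public suffixes).

```python
import hashlib
import hmac
import struct

UP, UV = 0x01, 0x04  # user-present / user-verified flag bits in authenticator data

def make_auth_data(rp_id: str, flags: int = UP | UV, sign_count: int = 1) -> bytes:
    """Constructed stand-in for the fixed 37-byte header an authenticator returns:
    rpIdHash (32 bytes) || flags (1 byte) || signCount (4 bytes, big-endian)."""
    return hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, sign_count)

def rp_id_allowed_for_host(rp_id: str, host: str) -> bool:
    """Simplified browser-side rule: the RP ID must equal the page's host
    or be a parent domain of it."""
    return host == rp_id or host.endswith("." + rp_id)

def verify_rp_binding(auth_data: bytes, expected_rp_id: str) -> dict:
    """Server-side check: the hash inside the authenticator data must match
    the RP ID the site expects. Raises ValueError on any mismatch."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data too short")
    rp_id_hash = auth_data[:32]
    flags, sign_count = struct.unpack(">BI", auth_data[32:37])
    expected = hashlib.sha256(expected_rp_id.encode()).digest()
    if not hmac.compare_digest(rp_id_hash, expected):
        raise ValueError("rpIdHash mismatch: credential is bound to another domain")
    if not flags & UP:
        raise ValueError("user presence flag not set")
    return {"user_verified": bool(flags & UV), "sign_count": sign_count}

OLD_DOMAIN = "forum.example"        # constructed: domain at registration time
NEW_DOMAIN = "forum-moved.example"  # constructed: domain after a move

if __name__ == "__main__":
    data = make_auth_data(OLD_DOMAIN)
    print("old domain:", verify_rp_binding(data, OLD_DOMAIN))
    # After a move the browser will not even offer the old credential ...
    print("usable on new host:", rp_id_allowed_for_host(OLD_DOMAIN, NEW_DOMAIN))
    # ... and the server-side hash check would reject it as well.
    try:
        verify_rp_binding(data, NEW_DOMAIN)
    except ValueError as err:
        print("new domain:", err)
```

This is why a stored recovery code, or a second login method, is the only way back in after a domain change: the old passkey cannot be re-pointed at the new RP ID.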
 
I've been using KeePass XC and it works well, as you would expect for a FOSS program. How's Proton Pass compared to KeePass XC?
 
I use yubikeys, might start using one here. I will report back after I register one of them on here.
 
Well, it does not seem to work for now. I have tried 2 different browsers and made sure that I can use my Yubikey on my mail on one of them. I get to the point where it asks me to use the button on the key, after which it should finish the registration. Then I get an error message.
 
Since Snowden and all that was: I mistrust this

I just have a big txt file with all my variants of Pa$$w0rd98765
Now use an editor which can encrypt with AES and never save plaintext = perfect. Good security isn't about being sophisticated, but rather smart.

The number of people in this thread that openly admit to not having 99 character randomly generated passwords is concerning
Industry/Countries are also at fault for not establishing (for example) hashing standard requirements - because it would undermine..? you guess ;)
 
I only access the farms if I’m behind 7 proxies and I’ve injected JavaScript into the DNS query table to make sure no onion IP addresses are listening into my custom VB.NET server. I like to keep SharkTank running in the background just in case. I hope you guys aren’t seriously still using passwords.
 
I tried it for luls with a throwaway key and it is still broken. Which does make me think why bother advertising this feature. I'd rather have PGP signing on site via keys enabled.
 
heed this warning:
You could get away with it if you put the recovery code within the notes of your account in your preferred password manager, or elsewhere. I would still rather opt for only OTPs instead which is more than good enough. Maybe on a smartphone passkeys are slightly more convenient, but browsing most forums within a mobile device is just atrocious to begin with.
 
It's not smart to put any recovery code or phrase into your password manager. I have all my existing accounts' login information copied onto two small pocket books. One has the user/password/email combination and the other has the recovery code/phrases & OTP seed.
 