@[email protected] to [email protected] • 22 hours agoTake your passkey and shove it where the sun don't shinelemmy.worldmessage-square97fedilinkarrow-up1399
arrow-up1399imageTake your passkey and shove it where the sun don't shinelemmy.world@[email protected] to [email protected] • 22 hours agomessage-square97fedilink
minus-squareEngywucklinkfedilink13•21 hours agoWhy would I want security based on a device? What security this offers greater than a 64 chars password + 2FA?
minus-squareNatanaellinkfedilink2•11 hours agoTOTP codes can be phished, hardware security keys and passkey can’t
minus-squareEngywucklinkfedilink1•9 hours agoI doubt that anyone that doesn’t use “password” as a password and who knows what 2FA is could be easily subject to phishing.
minus-squareNatanaellinkfedilink2•3 hours agoIt literally just takes a slightly different domain name. Lots of infosec pros have been phished when not paying attention
Why would I want security based on a device? What security this offers greater than a 64 chars password + 2FA?
TOTP codes can be phished, hardware security keys and passkey can’t
I doubt that anyone that doesn’t use “password” as a password and who knows what 2FA is could be easily subject to phishing.
It literally just takes a slightly different domain name. Lots of infosec pros have been phished when not paying attention