Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing… that lives on my phone? What if I lose my phone? What if you steal my phone?

  • @[email protected]
    link
    fedilink
    English
    4
    edit-2
    9 months ago

    Assuming you have a strong base password you aren’t concerned with being broken, you can use that, followed by a unique identifier for what you’re logging into, so every password is essentially the same, but also unique. Something like, translate the lyrics to a song (say without me by Eminem) to first letters and punctuations, 2tpggrto,rto,rto, and add the identifier.

    2tpggrto,rto,rto-goog 2tpggrto,rto,rto-faceb

    This is essentially how I manage my passwords that I want to actually remember. Just make sure you’re not SUPER obvious with how you make the identifier, perhaps -g0og or -f4c3b0ok. And no, I don’t use that song lol.

    • @[email protected]
      link
      fedilink
      English
      109 months ago

      This is essentially the same thing as using the same password everywhere.

      Yeah, they are unique. But if one is broken, they are all essentially broken.

      • @[email protected]
        link
        fedilink
        English
        69 months ago

        Only if you’re specifically targeted. I know enough regex to know that nobody is going to bother trying to parse known passwords to identify patterns like that when there’s a billion suckers who use ‘password123’ for their bank accounts.

        As long as the pattern is not super predictable, and aren’t dictionary words, nobody is brute forcing that.

        • @[email protected]
          link
          fedilink
          English
          49 months ago

          Even a minute mental load at everything you need to log into in a day is still more than the zero mental load I have when using a password manager.

          It’s not just more secure, it’s far more convenient. Plus once you start to share a life with someone, you can share all your accounts and passwords effortlessly as well.

        • @[email protected]
          link
          fedilink
          English
          3
          edit-2
          9 months ago

          These would be extremely easy to detect with regex. Just look for the service name in a password, including common leet speak conversion.

          Password123-Facebook then easily becomes Password123-GitHub or Password123-Walgreens.

          I can assure you, if I was a bad actor that got my hands on a password dump, I’m checking for these kinds of passwords pretty early on.

          Edit: A word.