undefined | Better HN

0 pointstorstenvl2y ago0 comments

> there's no social-engineering technique someone can use to get you to copy and paste your passkey to an enemy

This is a deep, fundamental flaw in passkeys. It's just another example of enshittification disguised as denying end-user control "for their own good." There is no for-profit organization anywhere that I trust more than I trust myself, and there's no threat model where it's more likely I'll be socially engineered into giving up my long random password than that I'll suffer data loss.

0 comments

psd12y ago

Good for you; I'm ashamed to say that I've hurt my data sanctity far more than any criminal has, with 2am tinkering with my systems.

I have vaultwarden at home but I don't use it because I just know I'll fuck up my tunnel while I'm travelling or something.

This is my threat model: "hi mum. I need you to drive to my house and fish a keyboard out of the cupboard. Plug it into the big black box and type exactly what I tell you..."

1 more reply

iknowstuff2y ago

Then use a password manager that allows it

1 more reply

j / k navigate · click thread line to collapse

0 comments

psd12y ago

Good for you; I'm ashamed to say that I've hurt my data sanctity far more than any criminal has, with 2am tinkering with my systems.

I have vaultwarden at home but I don't use it because I just know I'll fuck up my tunnel while I'm travelling or something.

This is my threat model: "hi mum. I need you to drive to my house and fish a keyboard out of the cupboard. Plug it into the big black box and type exactly what I tell you..."

1 more reply

iknowstuff2y ago

Then use a password manager that allows it

1 more reply

j / k navigate · click thread line to collapse