On this episode of The Vergecast, we figure out passkeys once and for all.

Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing… that lives on my phone? What if I lose my phone? What if you steal my phone?

  • blackbirdbiryani@lemmy.worldEnglish
    62·
    9 months ago

    Only if you’re specifically targeted. I know enough regex to know that nobody is going to bother trying to parse known passwords to identify patterns like that when there’s a billion suckers who use ‘password123’ for their bank accounts.

    As long as the pattern is not super predictable, and aren’t dictionary words, nobody is brute forcing that.

    • subtext@lemmy.worldEnglish
      41·
      9 months ago

      Even a minute mental load at everything you need to log into in a day is still more than the zero mental load I have when using a password manager.

      It’s not just more secure, it’s far more convenient. Plus once you start to share a life with someone, you can share all your accounts and passwords effortlessly as well.

    • KairuByte@lemmy.dbzer0.comEnglish
      31·
      9 months ago

      These would be extremely easy to detect with regex. Just look for the service name in a password, including common leet speak conversion.

      Password123-Facebook then easily becomes Password123-GitHub or Password123-Walgreens.

      I can assure you, if I was a bad actor that got my hands on a password dump, I’m checking for these kinds of passwords pretty early on.

      Edit: A word.