• sir_pronoun@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    20 days ago

    But that is exactly what he recommends, using a password manager - with one time email authentication for the first login as an extra step, right?

    • asap@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      20 days ago

      edit: I think I’ve misunderstood the point of the article. In a non-obvious (to me at least) way, he is saying passkeys are dangerous for people without password managers, therefore for most people passwords are still better.

    • hedgehog@ttrpg.network
      link
      fedilink
      arrow-up
      2
      ·
      20 days ago

      But that is exactly what he recommends, using a password manager - with one time email authentication for the first login as an extra step, right?

      Nope.

      Using a cross-platform password manager with synced passkeys is different and much more secure than using a password manager with email TOTPs or sign-in links with emails that aren’t end-to-end encrypted.

      And password manager adoption is much higher than PGP keyserver adoption, and if you can’t discover someone’s public key you can’t use it to encrypt a message to them, so sending end-to-end encrypted emails with TOTPs/sign-on links isn’t a practical option.

      According to Statista, 34% of Americans used password managers in 2023 (a huge increase from 21% in 2022), so it’s not even like the best case scenario is rare.