• FiveMacs · 17 upvotes · 1 day ago

    Wtf is this… they say password managers aren’t very secure, but then recommend passkeys, which is literally the same thing… but less secure, because they rely on biometrics, which you can’t ever change, or a PIN, which is, well… a damn password.

    • boatswain@infosec.pub · 7 upvotes · 1 day ago

      Anyone who starts off telling you that they’re the most popular and trusted should probably not, in fact, be trusted. Especially if they’re calling for not using password managers. Passkeys are interesting in theory, but my understanding is that most of the implementations are just another way for big tech to track you.

    • seang96@spgrn.com · 5 upvotes · 1 day ago

      Passkeys don’t necessarily require biometrics. Password managers are adding support for them, so you can use Bitwarden, for example, which supports a password and security device combo to log in and use the passkeys. Passkeys should be more secure than passwords in a password manager, since it would only allow using it on the proper domain, preventing attacks like opening malicious links in emails or typos when typing a domain manually.

      That said, a lot of the current approaches to passkeys do use biometric / PIN to unlock, so you gotta find what’s right for your OPSEC values.

      All that said, the article seems pretty bad.
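
The domain binding mentioned in the comment above, as an added example that is not part of the original thread: Python code for the checks a WebAuthn relying party makes on an assertion's `clientDataJSON` origin and on the `rpIdHash` at the start of the authenticator data. The host names, challenge and function names are constructed for illustration, and verification of the signature that covers both structures is assumed to happen separately.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def build_sample(origin: str, rp_id: str, challenge: bytes):
    """Constructed sample of what a browser and authenticator produce
    when the page at `origin` asks for an assertion scoped to `rp_id`."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode()
    flags = bytes([0x01])                 # bit 0 = user present (UP)
    sign_count = (1).to_bytes(4, "big")   # 4-byte signature counter
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags + sign_count
    return client_data, auth_data

def check_binding(client_data: bytes, auth_data: bytes,
                  expected_origin: str, rp_id: str, challenge: bytes) -> str:
    """Relying-party checks that tie an assertion to this site and this login."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return "wrong type"
    if cd.get("challenge") != b64url(challenge):
        return "challenge mismatch"       # replay of an older assertion
    if cd.get("origin") != expected_origin:
        return "origin mismatch"          # produced on a different site
    if len(auth_data) < 37:               # 32 hash + 1 flags + 4 counter
        return "authenticator data too short"
    if auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        return "rpIdHash mismatch"        # credential scoped to another RP ID
    if not auth_data[32] & 0x01:
        return "user presence flag not set"
    return "ok"

# Constructed values: the real site and a typo-style lookalike.
SITE, RP_ID = "https://login.example", "login.example"
LOOKALIKE, LOOKALIKE_RP = "https://1ogin.example", "1ogin.example"
CHALLENGE = b"constructed-server-challenge"

def demo():
    good = build_sample(SITE, RP_ID, CHALLENGE)
    phish = build_sample(LOOKALIKE, LOOKALIKE_RP, CHALLENGE)
    return (check_binding(*good, SITE, RP_ID, CHALLENGE),
            check_binding(*phish, SITE, RP_ID, CHALLENGE))
```
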