this post was submitted on 11 Oct 2023
-26 points (19.0% liked)

Technology

59398 readers
2619 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 9 points 1 year ago* (last edited 1 year ago) (2 children)

If anyone here does start using passkeys, just please please please make sure you have backups. And test that you can restore from those backups!

I've read horror stories about losing or breaking a phone and being locked out of everything because the standard phone backups don't save the passkeys private keys.

Personally I'm waiting until Bitwarden supports passkeys and I've made damn sure I can restore them from backup.

[–] [email protected] 10 points 1 year ago* (last edited 1 year ago)

That’s not how passkeys work. You still have the usual Google account recovery flow.

Just make sure you have some 2FA backup codes stuffed into a sock drawer somewhere, that your email address and telephone numbers are up to date and you should be ok.

[–] [email protected] 4 points 1 year ago

I’ve read horror stories about losing or breaking a phone and being locked out of everything because the standard phone backups don’t save the passkeys private keys.

This is no different than what we already have. Many people don't backup their TOTP to any cloud provider, or even themselves, and if their phone breaks, they lose all of their TOTP. And most people don't save recovery keys (if the service even provides them).

So ya. Stop fear mongering.