• azalty@jlai.lu
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 month ago

    I have never understood the goal of passkeys. Skipping 2FA seems like a security issue and storing passkeys in my password manager is like storing 2FA keys on it: the whole point is that I should check on 2 devices, and my phone is probably the most secure of them all.

    • sem@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 month ago

      I love storing 2FA in the password manager, and I use a separate 2FA to unlock the password manager

      • azalty@jlai.lu
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        1 month ago

        I imagine you keep your password manager unlocked, or as not requiring 2FA on trusted devices then? Re entering 2FA each session is annoying

        You still have the treat of viruses or similar. If someone gets access on your device while the password manager is unlocked (ex: some trojan on your computer), you’re completely cooked. If anything it makes it worse than not having 2FA at all.

        If you can access your password manager without using 2FA on your phone and have the built in phone biometrics to open it like phone pin, finger or face, someone stealing your phone can do some damage. (Well, the same stands for a regular 2FA app, but meh, I just don’t see an improvement)