If you want to roll your own with KeePass that’s fine, but most people will want a more comprehensive solution.
If you’re paranoid about this, go buy a YubiKey and use that to secure your device/access to your passkeys. Being able to secure your own data instead of relying on the admin who may or may not know what they’re doing to secure the server is an advantage of passkeys.
It’s really up to the end device (and the user of said device) to decide how much security to put around the local keys. But importantly, it also requires access to the device the passkeys are stored on, which is a second factor. And notably many of the implementations of it require biometrics to unlock.
The “one password” thing is also true of password managers, of course. One thing about having one master passphrase is that if you do not have to remember 50 of them, then you can make that passphrase better than you otherwise might, plus it should be unique, which prevents one of the most common attack vectors.
If you’ve ever used ssh it’s very similar to how ssh keys work. You create a cryptographic key for the site; this is the passkey itself. When you go to “log in” the client and server exchange cryptographic challenges, which also verifies the site’s identity (so you can’t be phished…another site can’t pretend to be your bank, and there are no credentials to steal anyway). Keys are stored locally and are generally access restricted by various methods like PIN, passphrase, security key, OTP, etc. When you’re entering your PIN it’s how the OS has chosen to secure the key storage. But you’ve also already passed one of the security hurdles just by having access to that phone/computer. It is “something you have”.
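Added example, not part of the original comment: a simplified model of the challenge exchange described above, showing why a lookalike site and a replayed response both fail. The class names and the `bank.example` origins are hypothetical, and real WebAuthn signs authenticator data plus a hash of the client data rather than the JSON string used here.

```javascript
// Simplified passkey-style login (illustrative, not the WebAuthn wire format).
const crypto = require('node:crypto');

// Authenticator: one Ed25519 key pair per site; private keys never leave it.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(rpId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.keys.set(rpId, privateKey);
    return publicKey; // only the public key goes to the server
  }
  // The browser, not the page, supplies the origin that gets signed.
  sign(origin, challenge) {
    const privateKey = this.keys.get(new URL(origin).hostname);
    if (!privateKey) return null; // no passkey exists for this host
    const clientData = JSON.stringify({ origin, challenge });
    return { clientData, signature: crypto.sign(null, Buffer.from(clientData), privateKey) };
  }
}

// Server (relying party): stores public keys and outstanding challenges.
class Server {
  constructor(origin) { this.origin = origin; this.users = new Map(); this.pending = new Set(); }
  enroll(user, publicKey) { this.users.set(user, publicKey); }
  newChallenge() {
    const c = crypto.randomBytes(32).toString('base64url');
    this.pending.add(c);
    return c;
  }
  verify(user, assertion) {
    if (!assertion || !this.users.has(user)) return 'no-credential';
    const { origin, challenge } = JSON.parse(assertion.clientData);
    if (!this.pending.delete(challenge)) return 'bad-challenge'; // single use
    if (origin !== this.origin) return 'wrong-origin';
    const ok = crypto.verify(null, Buffer.from(assertion.clientData), this.users.get(user), assertion.signature);
    return ok ? 'ok' : 'bad-signature';
  }
}

function demo() {
  const bank = new Server('https://bank.example'); // constructed sample origin
  const device = new Authenticator();
  bank.enroll('alice', device.register('bank.example'));
  const login = bank.verify('alice', device.sign('https://bank.example', bank.newChallenge()));
  // A lookalike host relays a real challenge: the device holds no key for it.
  const phish = device.sign('https://bank-login.example', bank.newChallenge());
  // A captured assertion cannot be reused: its challenge is already consumed.
  const captured = device.sign('https://bank.example', bank.newChallenge());
  bank.verify('alice', captured);
  return { login, phish: bank.verify('alice', phish), replay: bank.verify('alice', captured) };
}
```

The server only ever stores public keys, so a database leak yields nothing that can be used to log in.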
Password managers are never going to hit anywhere near 100% adoption rate. It requires knowledge on the part of the user and in many cases money. No, grandma isn’t going to roll her own with KeePass. Most likely she’ll never even know what a password manager is. And as long as those users are still out there, admins still have to deal with all the problems they bring.
Incidentally I looked and it’s been over a decade since I started using my first password manager. They’re not that new.
You’re looking at this from the perspective of an educated end user. You’re pretty secure already from some common attack vectors. You’re also in the minority. Passkeys are largely about the health of the entire ecosystem. Not only do they protect against credentials being stolen, they also protect against phishing attacks because identity verification is built in. That is of huge value if you’re administering a site. Yes, if everyone used a password manager there would be less value, but only about a third of users do that. And as an admin you can’t just say “well that guy got phished but it’s his own fault for not using a password manager.”
I do think that we need more standard procedures around what a reset/authorize new device looks like in a passkey world. There’s a lot about that process that just seems like it’s up to the implementer. But I don’t think that invalidates passkeys as a whole, and most people are going to have access to their mobile device for 2 factor no matter where they are.
Incidentally I have no idea who this is or whether his opinion should be lent more weight.
Did you try evolving them?
He didn’t bilk Tesla shareholders into his huge pay package because he doesn’t care about money.
There are a lot of subreddits for which there is no real replacement. Sometimes the strength in a community is the people. Doesn’t matter if reddit sucks if the people are there.
It seems like the new account deleter scripts replace all comments with random text rather than actually delete them, which I’m sure makes it harder for reddit to undelete.
A lot of subreddits have done that. The problem is nobody notices…
A lot of people have professional reasons to be on Twitter. If you’re trying to promote a business you need to be where the people are and none of the alternatives have anywhere near Twitter’s size.
Frankly I’m mostly annoyed that my browser allows web sites to block cut and paste, ever. I am capable of making my own decisions over whether I want to cut and paste.
There are plugins that will disallow this. I think the one I use is “don’t fuck with paste”.
Probably testing it for GTA6.
Is “get rid of all anti-cheat” a popular position outside of Lemmy? I don’t really play these sorts of games but was under the impression that most competitive multiplayer would be unplayable without anti-cheat measures.
LOL, yeah, manufacturers don’t follow this at all.
Given how many older Windows PCs ended up in botnets, forced automatic updates were probably a good thing.
If you’re calling 95 bad I don’t think you spent a lot of time in 3.1. Resolving IRQ conflicts, configuring winsock.DLL, whatever the hell else. 95 had its issues, especially on the gaming side, but it was leaps and bounds better than what came before. Meanwhile 98SE was good enough to keep people, especially gamers, on it for a long time.
Because social networks are only as good as the people who are on them.