cm0002@lemmy.world to memes@lemmy.world · 5 months ago

Take your passkey and shove it where the sun don't shine

Engywook@lemm.ee · 5 months ago
Why would I want security based on a device? What security does this offer greater than a 64-character password + 2FA?

Natanael@infosec.pub · 5 months ago
TOTP codes can be phished, hardware security keys and passkeys can't.

Engywook@lemm.ee · 5 months ago
I doubt that anyone that doesn't use "password" as a password and who knows what 2FA is could be easily subject to phishing.

Natanael@infosec.pub · 5 months ago
It literally just takes a slightly different domain name. Lots of infosec pros have been phished when not paying attention.
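
The difference raised in the replies above, as an added Node.js example that is not part of the thread: a TOTP code is computed without any reference to the site it is typed into, while a passkey assertion carries the origin the browser was really on, which the relying party checks. The domains, function names and the simplified assertion layout are assumptions made for illustration.

```javascript
const nodeCrypto = require("crypto");
// Constructed sample values (reserved example domains), not taken from the thread.
const RP_ID = "example.com", RP_ORIGIN = "https://example.com";
const LOOKALIKE_ID = "examp1e.test", LOOKALIKE_ORIGIN = "https://examp1e.test";
const sha256 = (d) => nodeCrypto.createHash("sha256").update(d).digest();

// RFC 6238 TOTP (HMAC-SHA1, 30 s step, 6 digits). The site's origin is not an input.
function totp(secret, unixSeconds) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / 30)));
  const mac = nodeCrypto.createHmac("sha1", secret).update(counter).digest();
  const bin = mac.readUInt32BE(mac[19] & 0x0f) & 0x7fffffff;
  return String(bin % 1e6).padStart(6, "0");
}

// Simplified browser + authenticator: the browser (not the page) records the origin
// it is really on, and the signature covers authData || SHA-256(clientDataJSON).
function clientAssert(privateKey, challenge, browserOrigin, rpId) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin: browserOrigin }));
  const authData = Buffer.concat([sha256(rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: nodeCrypto.sign("sha256", signed, privateKey) };
}

// Relying-party checks for a login assertion.
function verifyAssertion(publicKey, expectedChallenge, a) {
  const c = JSON.parse(a.clientDataJSON.toString("utf8"));
  if (c.type !== "webauthn.get") return "bad type";
  if (c.challenge !== expectedChallenge.toString("base64url")) return "bad challenge";
  if (c.origin !== RP_ORIGIN) return "origin mismatch";
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return "rpIdHash mismatch";
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return nodeCrypto.verify("sha256", signed, publicKey, a.signature) ? "ok" : "bad signature";
}

function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  const challenge = nodeCrypto.randomBytes(32);
  const secret = Buffer.from("12345678901234567890"), now = 59; // RFC 6238 test vector
  const typedCode = totp(secret, now); // same digits whichever site the user types them into
  const genuine = clientAssert(privateKey, challenge, RP_ORIGIN, RP_ID);
  // A real authenticator holds no credential for the lookalike rpId; signed here only for the demo.
  const lookalike = clientAssert(privateKey, challenge, LOOKALIKE_ORIGIN, LOOKALIKE_ID);
  return { totpAccepted: typedCode === totp(secret, now),
           passkeyGenuine: verifyAssertion(publicKey, challenge, genuine),
           passkeyLookalike: verifyAssertion(publicKey, challenge, lookalike) };
}
console.log(demo());
```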