
If there was a single provider it would be good. But Google has one and many others, so ultimately you have to have many such apps on your cell phone. And when you can no longer log in, the trouble really begins and you have to wait for days until it works again. So it’s absolute nonsense, the good old password is still the best. Unfortunately I also have to use this nonsense for three logins and have to use three different key apps for them🤣
Yikes - you’re on an interesting course.
Uniform providers are never the solution - that only leads to a monopoly. The motto must be: open standards. And this is WebAuthn.
So you probably either don’t use a passkey, but rather some proprietary solutions, or you have unnecessarily installed 3 apps for the same technology 😉
LG
r00t
4b 65 69 6e 65 20 4d 61 63 68 74 20 64 65 72 20 6c 65 67 61 63 79 20 49 50 21
Why should passwords no longer be secure? When I’m not posting these on Instagram, they’re still safe and I’ve never had any problems. But if your mobile phone breaks or is lost, then the trouble begins with how to get access again, because the apps usually depend on the registered mobile phone, so it is an absolutely useless technology. At banks you wait from 2 to several days. Or calls to the provider, changing phone numbers is no longer so easy, etc. If you want to make your life even more difficult, then this immature junk is exactly the right way.
Sorry, I have to jump in again:
I’ve never had any problems
I’ve never had a car stolen - I don’t understand why we spend so much money on the police
As someone who is close to the password cracking industry (only to the extent allowed, of course), I can tell you that the reality is very different. Passwords are the internet user’s natural enemy. Because to really take it seriously, every page has a completely randomly generated, long password.
Nobody can remember that - that’s why password managers exist.
And if you already have a password manager, you can store a private key instead of a password. Using the challenge-response procedure, you no longer have to transmit it etc. etc. etc. (Excerpt from Wikipedia:)
- As the private part of a credential is automatically generated using a sane algorithm with sane parameters and randomness, and stored in a trusted authenticator, the following issues disappear:
  - Easily bruteforceable passwords due to insufficient length.
  - Easily guessable passwords by dictionary attacks (e.g., “password”, “12345678”, etc.).
  - Easily guessable passwords by social engineering (e.g., date of birth, home address, etc.).
  - Inadequate password storage on the client side (e.g., written on a post-it note, in a book, in the mobile phone contact list, etc.).
  - Password reuse for different websites, as different credentials are automatically created for different websites.
  - The need for servers to enforce minimum criteria for passwords while not limiting usability.
  - Servers setting arbitrary and inadequate restrictions on the maximum length of passwords and the allowed charset.
- As the private part of a credential is never stored on a database on a server, the following issues disappear:
  - Inadequate password storage in databases (e.g., plaintext, or using weak or insecure algorithms or constructions).
  - Potential database leaks exposing passwords.
- As credentials are different for every website, the following issues disappear:
  - Credential stuffing attacks that combine database leaks with the common practice of reusing passwords for multiple websites.
  - Phishing attacks, as the user verification process never involves credentials for the wrong website.
Personally, I use passkeys wherever possible - with my password manager these are also available on all devices. If you have a problem with access when even one device is down, then it is due to your security concept - not due to “immature” technology.
If you forget a password, it’s not the password’s fault 😉
LG
r00t
4b 65 69 6e 65 20 4d 61 63 68 74 20 64 65 72 20 6c 65 67 61 63 79 20 49 50 21
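The challenge-response flow and per-site credentials discussed in the post above, as an added example that is not part of the thread or of any poster's code. It is a simplified model, not the WebAuthn wire format: the class names, the JSON `clientData` layout, the rule that the credential is looked up by exact hostname, and the `bank.example` origins are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Authenticator: holds one private key per site; the key never leaves it.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(rpId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(rpId, privateKey);
    return publicKey; // the server only ever stores this public half
  }
  // Signs the server's challenge together with the origin the browser is on.
  sign(origin, challenge) {
    const key = this.keys.get(new URL(origin).hostname);
    if (!key) return null; // no credential for this site, nothing to hand over
    const clientData = Buffer.from(JSON.stringify(
      { origin, challenge: challenge.toString('base64url') }));
    return { clientData, signature: crypto.sign('sha256', clientData, key) };
  }
}

// Relying party (the website): issues one-time challenges, checks signatures.
class RelyingParty {
  constructor(origin) { this.origin = origin; this.pending = new Set(); }
  newChallenge() {
    const c = crypto.randomBytes(32);
    this.pending.add(c.toString('base64url'));
    return c;
  }
  verify(assertion) {
    if (!assertion) return false;
    const { origin, challenge } = JSON.parse(assertion.clientData.toString());
    if (origin !== this.origin) return false;          // signed for another site
    if (!this.pending.delete(challenge)) return false; // unknown or replayed
    return crypto.verify('sha256', assertion.clientData, this.publicKey, assertion.signature);
  }
}

function demo() {
  const auth = new Authenticator();
  const bank = new RelyingParty('https://bank.example');
  bank.publicKey = auth.register('bank.example');
  const lookalike = 'https://bank-login.example'; // constructed phishing origin
  const good = auth.sign(bank.origin, bank.newChallenge());
  const result = { login: bank.verify(good), replay: bank.verify(good) };
  result.noCredential = auth.sign(lookalike, bank.newChallenge()) === null;
  auth.register('bank-login.example'); // even with a credential for the look-alike
  result.relayed = bank.verify(auth.sign(lookalike, bank.newChallenge()));
  return result;
}
```

`demo()` shows the four outcomes: the genuine login verifies, the same assertion replayed is rejected, the look-alike origin gets no assertion at all, and an assertion made for the look-alike is rejected by the real site.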
thanks for the article.
however… remarks:
I prefer the French translation from Microsoft (found on 01net):
and regarding this article:
- the title:
The access key – a future without password
- a sentence from the article:
Instead, you authenticate via your smartphone or tablet via a PIN, master password, facial recognition or your fingerprint.
finally, encryption strictly speaking does not exist as such…
explanations: encrypt.info
--> go down the page, to the author, to read the entire short definitions.
little news:
[www.lemondeinformatique.fr/actualites/lire-les-passkeys-pas-si-invulnerables-que-ca-94235.html](https://www.lemondeinformatique.fr/actualites/lire-les-passkeys-pas-si-invulnerables-que-ca-94235.html)
sorry for not being more positive…
So Apple recently integrated Passkey support into all its devices, and (like TOTP authentication a few years ago) I am updating my authentication info to include Passkeys where supported.
So… Swisscom, when are you going to eliminate user friction and frustration and implement Passkeys?
You failed to provide an authenticator solution, and it is way, way past time to deprecate the increasingly obsolete and forever cumbersome home-brew solutions like MobileID.
regards,
bbrsc24.