• @4am@lemm.ee
    link
    fedilink
    English
    241 month ago

    All the major password managers store passkeys now. I have every passkey I’ve been able to make stored in Bitwarden, and they’re accessible on all my devices.

    Article is behind the times, and this dude was wrong to “rip out” passkeys as an option.

    • dinckel
      link
      fedilink
      English
      121 month ago

      That’s a typical DHH article, essentially. He has some interesting insights, but everything else is borderline cult-leader opinions, and some people follow it as gospel

      • Semi-Hemi-Lemmygod
        link
        fedilink
        English
        21 month ago

        I feel like if DHH hadn’t picked Ruby on Rails it and standalone Ruby would be much more popular today.

    • @phoneymouse@lemmy.world
      link
      fedilink
      English
      61 month ago

      If a password manager stores passkeys, how is that much different than just using a password manager with passwords?

      • Encrypt-Keeper
        link
        fedilink
        English
        101 month ago

        Storing passwords in a password manager is storing a shared secret where you can only control the security on your end and thus is still vulnerable to theft in a breach, negligence on the part of the party you’ve shared it with, phishing, man in the middle potentially, etc.

        Storing a passkey in a password manager on the other hand is storing an unshared secret that nobody but you has access to, doesn’t leave your device during use, is highly phishing resistant, can’t be mishandled by the sites you use it to connect to etc.

        • @smitty825@lemmy.world
          link
          fedilink
          English
          11 month ago

          Can you elaborate a bit more? If I create a passkey on https://passkeys.io on my Mac, then store the passkey in a password manager like Bitwarden, I can log into that site on my phone. I was kinda under the impression that Bitwarden stored the private key on their servers, so if their site gets hacked, then the attacker has access to my passkey.io account?

          • Encrypt-Keeper
            link
            fedilink
            English
            11 month ago

            Bitwarden stores your passkeys on your local device. It can sync the passkey between devices but that’s end to end encrypted, bitwarden never has access to any of your passkeys or even your passwords.

    • Beej Jorgensen
      link
      English
      21 month ago

      I need to sync my passkeys between all my devices–which really means I need keepass to store the private keys in its DB so I can sync it with all the other keepass-compatible apps I use in various places. Last I looked, this wasn’t solved, but it’s been a minute. I’m certainly not using a centralized password manager unless they all can freely import and export from one another. I understand this is a “being worked on” problem.

      So someday, yes.

        • Beej Jorgensen
          link
          English
          11 month ago

          Yes, it is. I just need to know that the passkeys are in that file and that all the apps I use to read that file support them.