Ranch dressing and blondies for some reason.
Funny how the fact that I’ve owned a Walkman, discman, iPod classic, iPod nano, and iPhone as music solutions is kind of generation defining.
I think they call them devops now.
I don’t know a fucking thing about Romanian law but this sounds 100% normal. If it’s to your advantage to delay then your lawyer will delay.
Presumably because they are continually picking up new players from younger age groups while retaining many older players, but I don’t really have any interest in those games so I don’t know much about them. I’m not really seeing how this directly relates to my comment, either.
Or uh maybe old games are still good and it makes sense to provide an easy way for newer generations to play them? If a record label remasters a Beatles album do we get mad over that? Music doesn’t have an expiration date so why should games?
Nope, I’m the right age to know music from 1999, I just don’t know who this is (maybe because they’re bad?)
Yeah I started playing magic in 94ish? That was my thought as well.
Because social networks are only as good as the people who are on them.
If you want to roll your own with keepass that’s fine, but most people will want a more comprehensive solution.
I swear they have the ability to make themselves heavier when they don’t want to be moved.
If you’re paranoid about this, go buy a yubikey and use that to secure your device/access to your passkeys. Being able to secure your own data instead of relying on the admin who may or may not know what they’re doing to secure the server is an advantage of passkeys.
It’s really up to the end device (and the user of said device) to decide how much security to put around the local keys. But importantly, it also requires access to the device the passkeys are stored on which is a second factor. And notably many of the implementations of it require biometrics to unlock.
The “one password” thing is also true of password managers, of course. One thing about having one master passphrase is that if you do not have to remember 50 of them, then you can make that passphrase better than you otherwise might, plus it should be unique, which prevents one of the most common attack vectors.
If you’ve ever used ssh it’s very similar to how ssh keys work. You create a cryptographic key for the site; this is the passkey itself. When you go to “log in” the client and server exchange cryptographic challenges, which also verifies the site’s identity (so you can’t be phished…another site can’t pretend to be your bank, and there are no credentials to steal anyway). Keys are stored locally and are generally access restricted by various methods like PIN, passphrase, security key, OTP, etc. When you’re entering your PIN it’s how the OS has chosen to secure the key storage. But you’ve also already passed one of the security hurdles just by having access to that phone/computer. It is “something you have”.
Password managers are never going to hit anywhere near 100% adoption rate. It requires knowledge on the part of the user and in many cases money. No, grandma isn’t going to roll her own with keepass. Most likely she’ll never even know what a password manager is. And as long as those users are still out there, admins still have to deal with all the problems they bring.
Incidentally I looked and it’s been over a decade since I started using my first password manager. They’re not that new.
You’re looking at this from the perspective of an educated end user. You’re pretty secure already from some common attack vectors. You’re also in the minority. Passkeys are largely about the health of the entire ecosystem. Not only do they protect against credentials being stolen, they also protect against phishing attacks because identity verification is built in. That is of huge value if you’re administering a site. Yes if everyone used a password manager there would be less value, but only about a third of users do that. And as an admin you can’t just say “well that guy got phished but it’s his own fault for not using a password manager.”
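Added example, not part of the original comments: a simplified model of the passkey login described above (per-site key pair, server challenge, origin bound into the signature), showing why a replayed or phished assertion fails. It is not the real WebAuthn wire format; the class names, the `*.example` origins and the use of Ed25519 are assumptions made for illustration.

```javascript
// Simplified passkey model (illustrative; not the WebAuthn wire format).
const crypto = require('crypto');

// Authenticator: one private key per site origin; private keys never leave it.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.keys.set(origin, privateKey);
    return publicKey; // only the public half goes to the server
  }
  // The browser, not the page, supplies the origin, so a look-alike site cannot lie about it.
  sign(origin, challenge) {
    const key = this.keys.get(origin);
    if (!key) return null; // no passkey for this origin: nothing to hand over
    const clientData = Buffer.from(JSON.stringify({ origin, challenge: challenge.toString('base64') }));
    return { clientData, signature: crypto.sign(null, clientData, key) };
  }
}

// Relying party (the real site): stores the public key, issues one-time challenges.
class Server {
  constructor(origin) { this.origin = origin; this.publicKey = null; this.pending = new Set(); }
  newChallenge() {
    const c = crypto.randomBytes(32);
    this.pending.add(c.toString('base64'));
    return c;
  }
  verify(assertion) {
    if (!assertion) return false;
    const { origin, challenge } = JSON.parse(assertion.clientData.toString());
    if (origin !== this.origin) return false;          // signed for another site
    if (!this.pending.delete(challenge)) return false; // unknown or replayed challenge
    return crypto.verify(null, assertion.clientData, this.publicKey, assertion.signature);
  }
}

function demo() {
  const bank = new Server('https://bank.example'); // constructed origins
  const device = new Authenticator();
  bank.publicKey = device.register(bank.origin);
  const good = device.sign(bank.origin, bank.newChallenge());
  const legit = bank.verify(good);
  const replay = bank.verify(good); // same assertion presented twice
  // Look-alike site forwards a fresh bank challenge; the device has no key for that origin.
  const phished = bank.verify(device.sign('https://bank-login.example', bank.newChallenge()));
  // Even with a key registered for the look-alike, the signed origin does not match the bank's.
  device.register('https://bank-login.example');
  const relayed = bank.verify(device.sign('https://bank-login.example', bank.newChallenge()));
  return { legit, replay, phished, relayed };
}
```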
I do think that we need more standard procedures around what a reset/authorize new device looks like in a passkey world. There’s a lot about that process that just seems like it’s up to the implementer. But I don’t think that invalidates passkeys as a whole, and most people are going to have access to their mobile device for 2 factor no matter where they are.
Incidentally I have no idea who this is or whether his opinion should be lent more weight.
They really do just have…a lot of pointy bits.