• xylogx@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    3 months ago

    Passkey is resistant to these attacks, but user adoption is not widespread enough for Discord to be able to mandate it.

    • _Atlas_@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      Wtf, if it’s such a huge security bonus, why wait for user adoption, especially if token stealing is an issue?

      • xylogx@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        3 months ago

        Change is hard. It has been a long road to get where we are today: major OS and Browser vendor support. Users now need to change their behavior.

        • toastal@lemmy.ml
          link
          fedilink
          English
          arrow-up
          0
          ·
          3 months ago

          Based on FIDO Alliance and W3C standards, passkeys replace passwords with cryptographic key pairs. These key pairs profoundly improve security. – https://developer.apple.com/passkeys/

          Based on FIDO2/WebAuthn but unlike them, passkeys are those things Apple & Google have been pushing that live on their servers + one specific device in its secure enclave you as as a user aren’t allowed to look into. FIDO2 is usually tied to some USB security token.

          • gibson@sopuli.xyz
            link
            fedilink
            arrow-up
            0
            ·
            3 months ago

            you can still use a yubikey or even a password manager like keepassxc with passkeys, no need for any google/apple or even secure enclave.