this post was submitted on 09 Apr 2024
547 points (100.0% liked)

Technology

  • Big Tech has implemented passkeys in a way that locks users into their platforms rather than providing universal security
  • Passkeys were developed to replace passwords for better account security, but their rollout by Apple and Google has limited their potential
  • Proton Pass offers passkeys that are universal, easy to use, and available to everyone for improved online security and privacy.
[–] [email protected] 175 points 1 year ago* (last edited 1 year ago) (8 children)

Not commenting on the merits of the blogpost’s arguments, but Proton is selling their own product here too

[–] [email protected] 54 points 1 year ago (2 children)

And if you believe in our mission and want to help us build a better internet where privacy is the default, you can sign up for a paid plan to get access to even more premium features.

Translation: don't give those other guys money, give us your money!

[–] [email protected] 47 points 1 year ago (1 children)

The horrors of giving money to a company that actually cares instead.

load more comments (1 replies)
[–] [email protected] 23 points 1 year ago

Well no, their call to action isn’t to not give anyone else money. They didn’t have anything negative to say about their competition like 1Password. They’re just warning you about the shady things Google and Apple are doing specifically. And as an alternative they’re offering their own solution instead, which also doesn’t cost any money.

[–] [email protected] 31 points 1 year ago

As a fan of Proton services I don’t like “blog posts” from companies where the solution to a problem is just their product, regardless of who the company is

[–] [email protected] 22 points 1 year ago

Proton enabled passkeys in their free tier. So ultimately, yes by using their free tier and being safe in the thought that you can always leave if you want, that might drive you to pay for a paid plan.

But companies trying to earn your business by offering you a good honest product is not at all the same as a company using anti-consumer practices to keep you from leaving lol.

load more comments (5 replies)
[–] [email protected] 74 points 1 year ago (15 children)

If I can't add your passkey to my Bitwarden vault, I'm not using your passkey.

[–] [email protected] 45 points 1 year ago (1 children)

If I can't add your passkey to my local KeepassXC database, I am not using your passkey.

[–] [email protected] 15 points 1 year ago (1 children)

Yeah or if they only offer 2FA via SMS. Like 1) it's not even that much more secure and 2) it's just more awkward.

But I also hate how Steam and Blizzard only allow you to verify logins in their mobile app. Fucking ridiculous.

load more comments (1 replies)
load more comments (13 replies)
[–] [email protected] 65 points 1 year ago (3 children)

Not surprised,

Google too nowadays.

There's a reason why they removed their company motto "Don't be Evil"

[–] [email protected] 19 points 1 year ago (2 children)

Google has obviously been crap for a long time, but that was just a dumb motto to begin with. It’s not aspirational, it’s not useful for anything and it barely requires anything of anyone.

They changed it to: Do the right thing.

It’s not much better, they’re still an awful company, as most companies are, but this is just the worst reason to rag on them.

[–] [email protected] 18 points 1 year ago

"Do the right thing (for the shareholders)"

[–] [email protected] 14 points 1 year ago (1 children)

The right thing to whom? Shareholders? (=

load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 61 points 1 year ago (4 children)
[–] [email protected] 31 points 1 year ago

It’s a PSA with an ad at the end.

load more comments (3 replies)
[–] [email protected] 61 points 1 year ago (1 children)

It seems no matter what new advancements we make in technology, the big tech companies seek nothing more than to implement it in a way that benefits themselves, regardless of whether it means fucking over the consumer.

I really hate what the internet has become over the last couple of years.

[–] [email protected] 19 points 1 year ago

That's capitalism for you. They're not interested in making things better, they're interested in making more profit.

[–] [email protected] 58 points 1 year ago (2 children)

Proton Pass offers passkeys that are universal, easy to use, and available to everyone for improved online security and privacy.

I wonder if there could be any bias in Proton claiming their product is the best

[–] [email protected] 20 points 1 year ago (4 children)

I'd trust them miles before Google or Apple. Hell, they dropped the prices on some of their products when they found ways to provide them cheaper. Proton is a good company.

load more comments (4 replies)
load more comments (1 replies)
[–] [email protected] 57 points 1 year ago (2 children)

I am not using passkeys until it's possible to easily migrate them between providers (not just devices / browsers). If I used Proton Pass, and then later decided to use another password manager, could I export my passkey data?

[–] [email protected] 70 points 1 year ago (1 children)

We’ve also given passkeys and passwords equal priority so that you can use them interchangeably in our apps. This means you can store, share, and export passkeys just like you can with passwords.

https://proton.me/blog/proton-pass-passkeys

[–] [email protected] 24 points 1 year ago (1 children)

That's excellent. Thanks for pointing that out!

[–] [email protected] 12 points 1 year ago

The next question is does anyone actually let you import passkeys? I don't think there is ☹️

I have a few keys in Bitwarden but before I go adding more I am going to play with Proton Pass. A lot of users were understandably annoyed when Bitwarden released passkey support but in such a limited manner.

load more comments (1 replies)
[–] [email protected] 56 points 1 year ago* (last edited 1 year ago) (2 children)

Better yet: use a hardware 2FA token that supports passkeys

[–] [email protected] 36 points 1 year ago (6 children)

The issue is that most of them are limited in the number of passkeys they can manage.

In the case of the Yubikey 5

Currently, YubiKeys can store a maximum of 25 passkeys.

https://www.yubico.com/blog/a-yubico-faq-about-passkeys/

[–] [email protected] 22 points 1 year ago (14 children)

How is 25 bad? Do you need a passkey for each service/app/website? Can't you use the same key for many services? (trying to understand how they work)

[–] [email protected] 36 points 1 year ago

Yes, you need a passkey per service, so you would quickly end up with your 25 slots full.

[–] [email protected] 19 points 1 year ago

Ideally yes, they're supposed to eventually replace all passwords. Of which I have hundreds. And yes, not 100% of them will do that in the near future, but a lot more than 25 will.

load more comments (12 replies)
load more comments (5 replies)
load more comments (1 replies)
[–] [email protected] 50 points 1 year ago (3 children)

When vaultwarden supports this I’ll play ball. If I don’t have control over my authentication methods, then they aren’t my authentication methods.

[–] [email protected] 15 points 1 year ago* (last edited 1 year ago) (5 children)

Do you really think it's a good idea to store your password, TOTP and pass key in one place?

[–] [email protected] 15 points 1 year ago (1 children)

Yes, as long as that place is only accessible by a physical passkey (such as a Yubikey). The risk is minuscule and the convenience is 100% worth it.

load more comments (1 replies)
load more comments (4 replies)
load more comments (2 replies)
[–] [email protected] 42 points 1 year ago (2 children)

The way Apple or companies like Paypal implement two-factor authentication, let alone passkeys, drives me up the wall. This all could have been so much better.

I’m not even going to mention all the platforms that rolled out passkey creation support, but not passkey login support, for whichever damn reason

[–] [email protected] 39 points 1 year ago (3 children)

Yeah, Apple 2FA is infuriating, especially since you can do all factors from the same device. Kind of defeats the purpose of traditional 2FA/MFA. Also, companies that decide your 2FA experience has to use their app, instead of a standards-compliant TOTP app of your choosing....ugh.

[–] [email protected] 32 points 1 year ago (1 children)

Traditional 2FA (assuming you mean apps with codes) can be done from the same device (if you have the app with the codes installed on that device).

It doesn’t defeat the purpose of 2FA. The 2 factors are 1. The password and 2. You are in possession of a device with the 2FA codes. The website doesn’t know about the device until you enter the code.

load more comments (1 replies)
[–] [email protected] 18 points 1 year ago* (last edited 1 year ago) (6 children)

If you think forcing everyone to carry an object other than their phone around so they can use 2-factor on their phone is a good idea... Or if you said I need to go to my laptop when I’m logging in on my phone and vice versa… that’s nonsense too. Sure maybe some companies require this. But that’s different.

Authy on my phone is just as “dumb” as Keychain on my phone.

How else are you imagining this should work? Keep in mind normal people need to do it too.

load more comments (6 replies)
load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 35 points 1 year ago* (last edited 1 year ago) (4 children)

I'm well versed in IT security, and even with (or because of) my knowledge, I still haven't looked deep into setting up passkeys on my services. Just because it's such a clusterfuck of weird implementations.

I can't imagine being a normal consumer and wanting to set them up. The poor support teams having to support this...

And I'm managing at least one service at work that could totally benefit from passkey integration. The headache of looking into how to properly implement them is just way too much

load more comments (4 replies)
[–] [email protected] 31 points 1 year ago (10 children)

Yeah I've avoided passkeys. Anything that Google is pushing to me is always in their interests.

[–] [email protected] 34 points 1 year ago (5 children)

That is not the takeaway here.

The takeaway is Passkeys are great technology but as implemented by Google, Microsoft, and Apple fall short of what they could be.

load more comments (5 replies)
load more comments (9 replies)
[–] [email protected] 31 points 1 year ago

Lockdowns are pretty much a hard pass for me. Anything I buy, I research, and if there's even the slightest hint of BS incompatibility, it's simply a no go.

[–] [email protected] 25 points 1 year ago* (last edited 1 year ago) (5 children)

I noticed that recently every post on Proton's blog has been an advertisement of their services.

They are hypocrites.

A few days ago they posted that corporations are bad because they collect fingerprints, profile users, etc., yet they are no better, as their mobile apps rely on Firebase Cloud Messaging (FCM) owned by Google to deliver notifications to their users.

In 2020 they wrote that they "may offer alternative push notification system", but apparently shitting on corporations is easier than making actual changes. Four years ago.

load more comments (5 replies)
[–] [email protected] 21 points 1 year ago* (last edited 10 hours ago) (8 children)
[–] [email protected] 12 points 1 year ago (7 children)

You still deserve those downvotes. There’s nothing to not trust about passkeys.

load more comments (7 replies)
load more comments (7 replies)
[–] [email protected] 16 points 1 year ago (11 children)

Could someone ELI5 (if possible) what passkeys actually are?

[–] [email protected] 14 points 1 year ago (1 children)

Basically hardware keys (like YubiKey) without hardware

[–] [email protected] 34 points 1 year ago (17 children)
load more comments (17 replies)
load more comments (10 replies)