Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing… that lives on my phone? What if I lose my phone? What if you steal my phone?
These would be extremely easy to detect with regex. Just look for the service name in a password, including common leet speak conversion.
`Password123-Facebook` then easily becomes `Password123-GitHub` or `Password123-Walgreens`.
I can assure you, if I was a bad actor that got my hands on a password dump, I’m checking for these kinds of passwords pretty early on.
Edit: A word.
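The check this comment describes, turned around for the defender, as an added example that is not part of the original thread: a password-change handler can refuse a candidate that embeds the service's own name, leet-speak variants included. The substitution table, function names and sample passwords are constructed assumptions.

```python
import re

# Constructed, non-exhaustive leet-speak table (an assumption for this example):
# each letter maps to the characters users commonly type in its place.
LEET = {
    "a": "a4@", "b": "b8", "e": "e3", "g": "g69", "i": "i1!|",
    "l": "l1|", "o": "o0", "s": "s5$", "t": "t7+", "z": "z2",
}

def service_name_pattern(name):
    """Compile a regex that matches `name` with leet substitutions,
    any letter case, and up to two separator characters between letters."""
    classes = [
        "[" + re.escape(LEET.get(ch, ch)) + "]"
        for ch in name.lower() if ch.isalnum()
    ]
    return re.compile(r"[\W_]{0,2}".join(classes), re.IGNORECASE)

def embedded_service_name(password, names):
    """Return the first name from `names` found inside `password`, else None.
    Names under three characters are skipped: they match too much."""
    for name in names:
        if sum(ch.isalnum() for ch in name) < 3:
            continue
        if service_name_pattern(name).search(password):
            return name
    return None

def validate_new_password(password, own_names):
    """Hypothetical password-change hook: reject candidates that embed
    the service's own name, since that marks a per-site template."""
    hit = embedded_service_name(password, own_names)
    if hit:
        return False, f"password must not contain the service name ({hit})"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample candidates, checked by a service called "GitHub".
    for candidate in ["Password123-GitHub", "Passw0rd-G1tHu8",
                      "g.i.t.h.u.b-2024", "correct horse battery staple"]:
        print(candidate, "->", validate_new_password(candidate, ["GitHub"]))
```

A rejection here only tells the user to stop templating on the site name; it says nothing about the strength of the rest of the password, so it complements rather than replaces a breached-password check.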