Dumdum you were suggesting that the autofill in password managers could be relied on for security, which is what I was arguing against. Password managers in general are an improvement in security of course, I’m only talking about the autofill feature.
DeletedUser26 you were suggesting that the autofill in password managers could be relied on for security
Once again, I never said/suggested that they could be relied on. Just that it was something you could do.
DeletedUser26 Soild point. However, wouldn't i be fucked to the same extent if i lost/broke my hardware key?
Its much easier to lose than my totp database.
[deleted] Well passkeys are best used with your password manager, synced across all your devices and backed up in the cloud. So you wouldn’t be fucked in that case. If you chose to only use them in your hardware key then that would be a risk but a self imposed one.
I'd also make the argument that hardware keys cant actually replace passwords because they can be taken from you by force unlike a password in your head.
DeletedUser26 Ah i get it. Thanks!
DeletedUser24 Brilliant quote.
ticklemyIP If it were true that TOTP has no value beyond random passwords from a password manager Micay would not use it.
The quote in the post by DeletedUser24 is being misinterpreted as saying that TOTP has no value, while the quote doesn't say that: "doesn't add any significant value" is not equal to "no value".
As to the topic of this thread: in my view, developers of GrapheneOS are already busy with developing their own secure and private OS. Flarum will likely add support for passkeys anyway, and why should GrapheneOS spend dozens of hours on a feature that might get implemented upstream next week?
fid02 Oh yeah maybe I should bug upstream about it then.
An extension for passkey login exists, but we are very unlikely to use it:
https://flarum.org/extension/hikarilan/flarum-passkey-login
We have a rule to only use extensions from Friends of Flarum, as they are the only ones that are maintained long-term and have a reputation for high quality. Introducing a passkey extension that stops being maintained or breaks would be pretty catastrophic and would force our team to have to deal with it instead, which is not where we want to be.
matchboxbananasynergy That makes sense, I hope they add it officially at some point.
