ilmagico

joined 1 year ago
[–] [email protected] 48 points 1 week ago (1 children)

I could be wrong, but I think Qualcomm designs its own chips and only licenses the "API", so it would be no difference for them.

[–] [email protected] 1 points 2 weeks ago

I was finally able to find some technical detail on passkeys on FIDO website, and yeah, it actually looks like it's a real improvement over passwords: it's simple, uses proven technology (public/private keys), and should be much more secure than passwords.

Also, nothing in the "specs" says I need to entrust my private key with the OS or a third party, which is good.

That said, it seems some OS support is required nonetheless, to show the pin / biometrics prompt (or is it?), and on android at least, I'd need to buy a new device with Android 14 to use a non-Google passkey provider...

[–] [email protected] 1 points 2 weeks ago

I use KeePassXC on desktop and Keepass2Android on, well, android, and sync via nextcloud. They all seem to handle syncing correctly, merging changes made on one side, or showing a notification about a conflict, and KeePassXC can definitely merge the two "conflicted copies" together reliably with a couple of clicks (yes, a no-click solution would be better, I know, but it's not "manual"). Keepass2Android integrates directly with nextcloud and seems to handle it fine.

The situation can definitely be improved but it's not so bad for me. Also, two different people should probably use two different database files and not share passwords ;)

Not sure how syncthing handles conflicts, it's been many years since I tried it.

[–] [email protected] 2 points 2 weeks ago

I use KeePassXC's browser integration daily and it works pretty well with Firefox (linux), well enough that I'm not complaining, but I cannot compare it with Bitwarden cause I never used it. On Android I use Keepass2Android and works well with autofill, but again, I can't really compare it.

Something tells me Bitwarden works better, just by virtue of being a commercially supported product, but I have no complaints with KeePassXC & Keepass2Android (KeePassDX works well on android too). Original KeePass desktop client was never great though.

[–] [email protected] 1 points 2 weeks ago (1 children)

I see, that makes sense and should be more secure, in theory. Thanks for the explanation.

The issue I have is, whether I need to trust a third party with my private key, e.g. Google with Android, Microsoft with Windows, etc. (yes on linux it's different, but that's not my only OS).

Also if the private key does get compromised (e.g. local malware steals it), hopefully there's an easy way to revoke it.

[–] [email protected] -1 points 2 weeks ago* (last edited 2 weeks ago) (4 children)

Ok, from a quick search, it seems passkeys rely on some trusted entity (your browser, OS, ...) to authenticate you, so, yeah, I'm not sure if I like that. The FIDO alliance website is all about how easy, convenient and secure passkeys are, and nothing about how they actually work under the hood, which is another red flag for me.

I'll stick to old-fashioned, long, secure, randomly generated passwords, thanks.

[–] [email protected] 5 points 2 weeks ago* (last edited 2 weeks ago)

From a quick search, Keepass2Android doesn't have it, not clear if they're working on it: https://github.com/PhilippC/keepass2android/issues/2099

KeePassDX similarly has an open issue, not clear when/if it will be implemented: https://github.com/Kunzisoft/KeePassDX/issues/1421

Good to know about Strongbox on iOS, though I'm on android so no bueno for me.

[–] [email protected] 2 points 2 weeks ago* (last edited 2 weeks ago) (6 children)

I don't use passkeys so I don't know. Maybe I should research into passkeys, what's the benefit over plain old (long, randomly generated) passwords?

[–] [email protected] 23 points 2 weeks ago (5 children)

+1 For KeePassXC and the KeePass ecosystem. Yes, you need to sync the database yourself, but you can use any file sharing service you like, e.g. google drive, dropbox... or selfhost something like nextcloud (like I do), which for me is actually a point in its favor.

Based on this news, I think I made the right choice back then when I decided to go with KeePass.

[–] [email protected] 17 points 2 weeks ago (10 children)

What do you mean "no cross device support"? KeePassXC supports Win, Mac, Linux and there are iOS and Android apps available...

As for the lack of cloud and requirement to provide your own synchronization, for some (like me) that's a feature, not a limitation :)

[–] [email protected] 7 points 2 weeks ago* (last edited 2 weeks ago)

Me too, I had money. Then, Trump imposed tariffs on China which made my stock take a dive, and the company I used to work for suffered, meaning fewer raises or bonuses. Not saying tariffs were 100% a bad idea, China was, and is still, stealing our tech (observed first hand while at that job), but that didn't help with the economy.

Then we had covid, which didn't help, and Trump definitely mismanaged that. Biden then took over and ... also mismanaged, but the opposite way, causing inflation. Thankfully, they brought it back under control, where we are now.

Now I have a new job and more money is flowing. And honestly, most of this is neither president's fault or merit, really, they just like to point fingers and take credits for stuff they didn't do.

[–] [email protected] 2 points 1 month ago

If that was the issue, they'd take steps to ensure safety, ask for certifications, etc. rather than more tariffs and lower "de minimis" exemption. Clearly these decisions are made for economic reasons, not to ensure higher quality products and protect consumers.

view more: next ›