• Zink@programming.dev
    7·
    54 minutes ago

    It’s not the funniest one, I don’t have an account, and I don’t live near one. But if I ever see the option to log in with Jollibee on any legit service I am already using I am switching over to that ASAP.

      • Gork@sopuli.xyz
        10·
        1 hour ago

        The code is at the bottom of the can and can only be seen be shining a flashlight down it. This completes Step 1 of the verification.

        Oh and it changes your pee color so it can reveal the passkey pisskey verification QR code on the urinal in front of you to complete Step 2 of the verification.

        • rumba@lemmy.zipEnglish
          5·
          2 hours ago

          Half a cryptographic key that you can’t easily give to someone over the phone by accident.

        • Pasta Dental@sh.itjust.works
          51·
          2 hours ago

          a very long password that (ideally) is only bound to a single device, requires a second identifier (biometric, PIN, password) and that is phishing resistant.

          • ☂️-@lemmy.ml
            111·
            2 hours ago

            bound to a single device

            yay vendor lock in. google or meta password manager salivating.

              • lime!@feddit.nuEnglish
                4·
                1 hour ago

                thus rendering them redundant, because their strength is being bound to a single physical device. if they’re portable, they’re as good as asymmetric key pairs.

                • 4am@lemmy.zip
                  1·
                  58 minutes ago

                  Their strength is being half a cryptographic key, not that they’re device bound.

                  That was a “requirement” that big tech wanted, to force you to be dependent on TPM storage, so you’d be forced to use a Trusted™ device and OS. It was made optional after pushback from basically everyone else.

                  Password managers support Passkeys now. Bitwarden and KeePassX among others.

                  As long as I trust that my password manager is secure, and as long as I use a strong master password or (better) have a hardware key to unlock it, it is way more secure than a password, and I can still install Linux without losing my logins.

              • ☂️-@lemmy.ml
                1·
                60 minutes ago

                i’m assuming most people will use the default, which will probably be google lock in anyway.

            • Zink@programming.dev
              2·
              58 minutes ago

              Bitwarden has been working great with me as sits transition to passkeys, even big corporate ones.

              But yeah in practice, google and facebook are going to probably dominate because they are the easy + free option.

          • Kaiserschmarrn@feddit.org
            2·
            2 hours ago

            bound to a single device

            Bitwarden let’s you sync your passkeys between devices. And you can also unlock your vault with one stored on a physical security key.

        • nearhat@lemmy.zip
          22·
          1 hour ago

          Ooh-la-la, someone’s gonna get laid in college.

          Edit: This is a joking reference from a Rick and Morty episode (S02E06).

          • ☂️-@lemmy.ml
            2·
            2 hours ago

            i don’t get what this has to do with college, or getting laid at all but sure.

            • nearhat@lemmy.zip
              2·
              1 hour ago

              Oh, I’m sorry. It’s a reference to a Rick and Morty episode. I thought that’s what you were referring to.

        • lemmyknow@lemmy.today
          1·
          32 minutes ago

          More like, “are you sure?”

          Are you really sure?

          Okay, but, like, are you for real sure?

          Sure, just… confirm your password

          Confirmation code sent to your phone

          Now, log out and back in, to be sure

          You sure, right? Didn’t change your mind?

          Okay, confirm link sent to email

          Okay, but, like, take a look at what you’ll be missing. Are you really sure?

          Oi, I’ll let you in on a secret: we got a very special deal, just for you. How about that? Sounds good, innit? How about we stop this silly thing and get back inside, so you can enjoy this sweet, sweet deal?

          Aight, get it. You hate good deals, and don’t care missing out on what we have to offer. Please call us at 0118**************** and explain thoroughly why exactly you’re leaving. Btw, can we get that written as well? Just, y’know, a little dissertation on the matter. Just mail it over to our headquarters

          Aight, just so you know, we’ll have to charge a little account deletion fee. Standard procedure, here.

          Hate to see you go :(

          We’ll miss you tons. Come back anytime!

          *marks account inactive*

  • wetbeardhairs@lemmy.dbzer0.com
    31·
    5 hours ago

    Honestly I thought it was great when OAuth started making it easy to use my various pre-existing IDs as logins for websites. But now I cant remember which one is which and my password manager doesn’t give me any hints. Sigh.

    • ramble81@lemmy.zip
      7·
      3 hours ago

      Honestly that’s why I just stick with local site auth and a password manager. 1) it lets me remember things via my manager and 2) if it’s compromised, they’ll only have access to that site and not other ones I’ve used to log in with.

      • wetbeardhairs@lemmy.dbzer0.com
        1·
        1 hour ago

        I generally do too. But then you’re also at the mercy of whether the site was designed with even the most basic of security in mind. Luckily the password managers all generate unique passwords so one site getting hacked and plaintext passwords stolen won’t get my bank info put at risk - but still.