Gawd sometimes I hate passkeys.
-
@karlauerbach Dealing with my MIL's tech at her assisted living facility is a nonstop time suck. And it repeats. And nobody on staff is particularly good at helping either. At this point I've just stopped trying. If she can watch tennis on TV and get her texts on her phone, I just am too burned out with it to jump through hoops anymore. BUT I am thinking through how to set things up for ourselves in our old age. How to simplify.
@nomdeb I have similar issues with my mother at a living facility. She regularly destroys the software or hardware of her devices by pushing every button (sometimes at the same time) and pounding on things as if she were on a chain gang breaking rocks.
Most recently she bricked, somehow, her iPhone to the degree that it had to be replaced by a new one. (Fortunately I had set it up to back up pretty much everything important to Apple's iCloud - I trust Apple with things far more than I would were it an Android phone and Google.)
-
@karlauerbach @rodneylives @Bodling
That means that grain is going to get more expensive for the simple reason that it will probably have to travel around the tip of South America.
It’s a real pile of drought in America’s bread basket plus fertilizer constraints at a bad time, plus extreme weather.
Building a supply chain with no tolerance to it. It’s kind of a problem.
2/2
@GhostOnTheHalfShell @rodneylives @Bodling I've heard about the Panama drought problem. But you are right that it is under-reported.
Back during the first trump term China realized that the US has become an unreliable supplier of grain, particularly soy.
So China made investments in grain growing countries, such as Argentina, to create solid product-moving infrastructure, such as good roads, good railroads, and deepwater docking facilities - thus greatly reducing the shipping costs and thus effectively permanently putting US growers at a net price disadvantage vis-a-vis non US growers of soy.
China clearly has strategic long term thinkers and investors, something the US seems to have depleted.
-
@ShadSterling Passkeys are somewhat clever. They use the ability of public/private crypto keys to perform an identity challenge that is unique every time it is used. The private key is stored on your machine(s) and the matching public key is on the website/service. A biometric is usually used to allow the private key to be taken from its storage (which could be a protected, trusted bit of hardware, or not) and a random challenge is sent to the website. That website has to unwrap that challenge using the public key and return the challenge (or a digest of it) back to the client and who can check whether the unwrapped challenge is correct. As with most things cryptographic, there are many devils lurking in the details and there are vulnerabilities in unexpected places - such as in public key systems one has to take care not to accept a bogus "public" key.
Update: I made some errors, particularly with regard to who issues the challenge and how it is processed.
@karlauerbach that’s about how passkeys work, not how to use them
-
@nomdeb I have similar issues with my mother at a living facility. She regularly destroys the software or hardware of her devices by pushing every button (sometimes at the same time) and pounding on things as if she were on a chain gang breaking rocks.
Most recently she bricked, somehow, her iPhone to the degree that it had to be replaced by a new one. (Fortunately I had set it up to back up pretty much everything important to Apple's iCloud - I trust Apple with things far more than I would were it an Android phone and Google.)
@karlauerbach YES!!!!!! Said with feeling. So much feeling. Exactly this. She also refuses any efforts I make to get her occupational therapist help to teach her stuff that she uses frequently like the TV remote control. Or learn to use voice controls. All the deep sighs. I did lol to see a book titled stupid things my parents did that I will avoid.
but more seriously I am planning as best as I can to keep up with tech that will help in my own old age and try for simplicity. -
That's...a thing I worry about. I've started to see "Set up a passkey" as a default page I have to click past. The first time, I nearly started to set it up, but then had a think based on some mutterings I'd heard On Here.
I'm and Old, & a Luddite, & very much •dis•inclined to jump on the latest fad, so I have not set up any passkeys. Sounds like I very much don't want to.
@cavyherd Do consider setting up passkeys. They are a great improvement over passwords and one usually does not forget to carry one's biometrics wherever one might choose to go. Often setting up a passkey is so painless that one might not even notice that it was done. (It is annoying on my Mac Mini because that machine does not have Apple's fingerprint button, so I usually set up passkeys on my other Apple devices and let them be [hopefully securely] propagated via Apple's iCloud sharing.)
One of the weakness of passkey is that you usually need a computer/phone onto which the private key part of the desired passcode has been propagated - so you usually need your smart phone or laptop, you can't expect to be able to walk up to an arbitrary computer, while wearing nothing but your birthday suit, and securely log in. With passwords you could do that - although I rarely see a naked person doing banking.
-
@karlauerbach YES!!!!!! Said with feeling. So much feeling. Exactly this. She also refuses any efforts I make to get her occupational therapist help to teach her stuff that she uses frequently like the TV remote control. Or learn to use voice controls. All the deep sighs. I did lol to see a book titled stupid things my parents did that I will avoid.
but more seriously I am planning as best as I can to keep up with tech that will help in my own old age and try for simplicity.@karlauerbach truly there should be a whole career field of tech for geriatrics including building it into assisted living facilities (or homes) and training people for hire who can be called out. Assisted living IT person is just a hook up the TV sort.
-
@karlauerbach which for transfers is OK, but for paying a bill and setting money aside? ugh
@crystalmoon I live in the Apple world, so for most bank transactions, or paying bills, or even buying something at a store, I find that the most I need is my face (for facial recognition biometric) or my finger (for fingerprint biometric).
My banks seem to have some sort of size/dollar threshold that triggers the use of a time-based authenticator, like an RSA widget or Google Authenticator app. Because we own a business we usually have to do that when dealing with our business accounts.
-
@karlauerbach that’s about how passkeys work, not how to use them
@ShadSterling I'm a techie so I often skip the "how does one use this" and jump to the "how does it work under the skin" mode.
Normally one encounters a passkey when logging into a website or service.
Usually there is the normal "who are you" phase in which enter an email address or user name or something.
Then you simply activate the biometric thingy on your device - on my iPhones it is the camera looking at my face, on my Macbooks it is the fingerprint key. (And on my other devices - I have to cancel out and hope that the service still has a username/password method of getting in.)
Once the biometric is taken then some packets get exchanged (usually quite quickly) via the net and you get let into the service.
It's pretty easy, a lot easier than remember and entering a password.
-
@ShadSterling I'm a techie so I often skip the "how does one use this" and jump to the "how does it work under the skin" mode.
Normally one encounters a passkey when logging into a website or service.
Usually there is the normal "who are you" phase in which enter an email address or user name or something.
Then you simply activate the biometric thingy on your device - on my iPhones it is the camera looking at my face, on my Macbooks it is the fingerprint key. (And on my other devices - I have to cancel out and hope that the service still has a username/password method of getting in.)
Once the biometric is taken then some packets get exchanged (usually quite quickly) via the net and you get let into the service.
It's pretty easy, a lot easier than remember and entering a password.
@karlauerbach what on earth does “encounters a passkey” mean? That sounds like an item I might pick up in a game by stepping on it.
Pasting a password from my manager is trivial. Having multiple passwords for multiple accounts on the same site is easy. Syncing my password file across devices is routine.
With passkeys I’ve never seen a clear statement that using multiple devices is possible, much less whether multiple browsers on the same device get treated as different devices
-
@karlauerbach what on earth does “encounters a passkey” mean? That sounds like an item I might pick up in a game by stepping on it.
Pasting a password from my manager is trivial. Having multiple passwords for multiple accounts on the same site is easy. Syncing my password file across devices is routine.
With passkeys I’ve never seen a clear statement that using multiple devices is possible, much less whether multiple browsers on the same device get treated as different devices
@ShadSterling My passkeys work across my devices (I am within the Apple kingdom of computer and phones.) Apple propagates a lot of this between your machines via iCloud. (My Linux and FreeBsd machines are often operated remotely and without a console/keyboard - so doing a biometric with a passkey on those machines is kinda a pain, but for those I have pre-established SSH keys.)
With the way that HTTP works (with or without TLS - that's the S in HTTPS) each connection from any browser on the same machine begins as a distinct engagement with the service. Should the service bind those together (using cookies or something) that is a matter for the service software, not part of the way that passkeys work.
-
@cavyherd Do consider setting up passkeys. They are a great improvement over passwords and one usually does not forget to carry one's biometrics wherever one might choose to go. Often setting up a passkey is so painless that one might not even notice that it was done. (It is annoying on my Mac Mini because that machine does not have Apple's fingerprint button, so I usually set up passkeys on my other Apple devices and let them be [hopefully securely] propagated via Apple's iCloud sharing.)
One of the weakness of passkey is that you usually need a computer/phone onto which the private key part of the desired passcode has been propagated - so you usually need your smart phone or laptop, you can't expect to be able to walk up to an arbitrary computer, while wearing nothing but your birthday suit, and securely log in. With passwords you could do that - although I rarely see a naked person doing banking.
"One does not forget to carry one's biometrics".
Except they're inaccessible on VERY common use cases like "desktop PC without webcam" or "public kiosk".
So we have to do terrible Rube Goldberg flows for non-smartphone users. I really don't want my digital life centered around a delicate theft-target device that's mostly a vector for funneling personal data to an American bigtech.
TOTP 2FA can be run on a freaking Commodore 64. Emailed codes are tech-agnostic.
-
@GhostOnTheHalfShell @rodneylives @Bodling I've heard about the Panama drought problem. But you are right that it is under-reported.
Back during the first trump term China realized that the US has become an unreliable supplier of grain, particularly soy.
So China made investments in grain growing countries, such as Argentina, to create solid product-moving infrastructure, such as good roads, good railroads, and deepwater docking facilities - thus greatly reducing the shipping costs and thus effectively permanently putting US growers at a net price disadvantage vis-a-vis non US growers of soy.
China clearly has strategic long term thinkers and investors, something the US seems to have depleted.
@karlauerbach @GhostOnTheHalfShell @rodneylives @Bodling China has been around for thousands of years, all their thinking is long term compared to anywhere else. And they invented bureaucracy too, which ensures that a system will be in place to implement and oversee plans that span far beyond any individual's lifetime.
-
"One does not forget to carry one's biometrics".
Except they're inaccessible on VERY common use cases like "desktop PC without webcam" or "public kiosk".
So we have to do terrible Rube Goldberg flows for non-smartphone users. I really don't want my digital life centered around a delicate theft-target device that's mostly a vector for funneling personal data to an American bigtech.
TOTP 2FA can be run on a freaking Commodore 64. Emailed codes are tech-agnostic.
@hakfoo @cavyherd 2FA is good (certainly more secure than a simple password) and, as you point out, requires few resources (apart from the need to have a 2nd communications medium to carry the 2nd factor messages.) But it does have vulnerabilities, particularly if the attacker has ways to affect the routing of the 2nd factor to the user. For instance Telco routing of that 2nd factor via SMS has been a source of attack.
-
@ShadSterling My passkeys work across my devices (I am within the Apple kingdom of computer and phones.) Apple propagates a lot of this between your machines via iCloud. (My Linux and FreeBsd machines are often operated remotely and without a console/keyboard - so doing a biometric with a passkey on those machines is kinda a pain, but for those I have pre-established SSH keys.)
With the way that HTTP works (with or without TLS - that's the S in HTTPS) each connection from any browser on the same machine begins as a distinct engagement with the service. Should the service bind those together (using cookies or something) that is a matter for the service software, not part of the way that passkeys work.
@karlauerbach so your passkeys work in all browsers on all of your apple devices, but not your Linux and FreeBSD devices? Because Apple implicitly syncs them outside of your control with no way to sync to non-Apple devices?
I don’t follow about distinct engagements and binding them together; if I follow a link within a site I’m logged in to, is that a distinct engagement that the service is binding together with a cookie? How does that relate to using multiple browsers or devices?
-
Gawd sometimes I hate passkeys.
I have to deal with some fairly old people - people who have lost much of their vision and who have never been particularly technically minded.
The modern race-to-lock-everything has moved a lot of services (such as outlook) to move to passkeys.
That's nice - unless one is trying to deal with problems for an old person who is 800 miles away.
It appears that many of these services treat having a passkey as a one-way ratchet. Once someone (me) has set up a passkey (limited to my computer and phone) then the service switches to demand a passkey rather than the password to get in - but the old person's phone/computer does not have the passkey nor knows how to use it even if they did.
Our present Internet - largely programmed by young people with tech knowledge and good eyesight - is becoming increasingly hard to use by older people while things (like medical services) increase security that these people do not know how to use and can't be managed remotely.
@karlauerbach does this apply to hardware 2fa keys? I honestly don't really understand why we bother with anything else other than the hardware 2fa keys.
-
Gawd sometimes I hate passkeys.
I have to deal with some fairly old people - people who have lost much of their vision and who have never been particularly technically minded.
The modern race-to-lock-everything has moved a lot of services (such as outlook) to move to passkeys.
That's nice - unless one is trying to deal with problems for an old person who is 800 miles away.
It appears that many of these services treat having a passkey as a one-way ratchet. Once someone (me) has set up a passkey (limited to my computer and phone) then the service switches to demand a passkey rather than the password to get in - but the old person's phone/computer does not have the passkey nor knows how to use it even if they did.
Our present Internet - largely programmed by young people with tech knowledge and good eyesight - is becoming increasingly hard to use by older people while things (like medical services) increase security that these people do not know how to use and can't be managed remotely.
@karlauerbach See also fingerprints too faint to scan, facial recognition that can't account for aging, or even just the wisdom to live for absolutely anything other than these fuckin computers, likesay human interpersonal communication fka "communication."
-
Gawd sometimes I hate passkeys.
I have to deal with some fairly old people - people who have lost much of their vision and who have never been particularly technically minded.
The modern race-to-lock-everything has moved a lot of services (such as outlook) to move to passkeys.
That's nice - unless one is trying to deal with problems for an old person who is 800 miles away.
It appears that many of these services treat having a passkey as a one-way ratchet. Once someone (me) has set up a passkey (limited to my computer and phone) then the service switches to demand a passkey rather than the password to get in - but the old person's phone/computer does not have the passkey nor knows how to use it even if they did.
Our present Internet - largely programmed by young people with tech knowledge and good eyesight - is becoming increasingly hard to use by older people while things (like medical services) increase security that these people do not know how to use and can't be managed remotely.
@karlauerbach Don't those sites have a 'forgot password/passkey' option?
-
@karlauerbach does this apply to hardware 2fa keys? I honestly don't really understand why we bother with anything else other than the hardware 2fa keys.
@codinghorror I'm not able to evaluate the relative strength of those time-based authenticators vs passkey, but from my own actual experience, passkeys are easier on the user. (And when it comes to time-based authenticator devices I personally prefer the ones that run as apps on my phone rather than on a separate device.)
-
@karlauerbach so your passkeys work in all browsers on all of your apple devices, but not your Linux and FreeBSD devices? Because Apple implicitly syncs them outside of your control with no way to sync to non-Apple devices?
I don’t follow about distinct engagements and binding them together; if I follow a link within a site I’m logged in to, is that a distinct engagement that the service is binding together with a cookie? How does that relate to using multiple browsers or devices?
@ShadSterling Yes, Apple is silently copying my passkey stuff around between my Apple devices. My Linux machines don't play in that world, but as I mentioned somewhere, my Linux machines mostly don't have the hardware to do make a biometric test.
-
@codinghorror I'm not able to evaluate the relative strength of those time-based authenticators vs passkey, but from my own actual experience, passkeys are easier on the user. (And when it comes to time-based authenticator devices I personally prefer the ones that run as apps on my phone rather than on a separate device.)
@karlauerbach yeah but if someone gets on your phone you're super fucked, right? The other physical item (the hardware 2fa key) is required.
