Tell them the NIST recommendations for password frequency changes have been really reduced in recent times because it pushes people into other bad password practices. Among all factors, changing the password frequently is the least important.
But I also worry about new areas of weakness with passkeys - anyone accessing the device with the passkey on it, or hacked that device, gets access automatically to the accounts. Also if logins are too fluid I worry that anything out of the ordinary during sign ins won’t be noticed.
Wow great word in going to use it.
Same, can they see my unattractive-ness through the internet?!
Yeah that’s a really cool feature.
Oh ok thank you, well I guess I’ll continue enjoying content from both.
I only tangentially see 196 content on Lemmy, I’m old, barely understand it but enjoy it; can someone explain like I’m 5 what’s happened here to cause 196 to change to onehundredninetysix?
I guess I mean if people are too used to critical services opening up without any friction, a pause to complete some sign in step, they’ll stop taking a moment to look for any warning signs, so they might miss the fact that they’re at a spoofed url, for example. Yes you’re right that the passkey wouldn’t be working at this fake site, but it could still take them out and harvest some data, interactions or credentials.