Facebook Now Supports Passkeys (lifehacker.com) 18
Facebook now supports passkeys for login, offering users a more secure, phishing-resistant alternative to passwords by using biometrics or a PIN stored on their device. The feature is rolling out to iOS and Android "soon," while Messenger will get the feature "in the coming months." Lifehacker reports: Meta seems pretty excited about the news -- and not just because the company happens to be a member of the FIDO Alliance, the organization that developed passkeys. Aside from logging into your Facebook account, Meta says you'll be able to use passkeys to autofill your payment info when buying things with Meta Pay. You'll also be able to use the same passkey between both Facebook and Messenger, and your passkey will act as a key to lock out your encrypted Messenger chats.
Re: (Score:3)
Why stalk him on reddit when we know where he lives, rent free?
Re: (Score:1)
this is why I tend to post AC on Slashdot. Some have a peculiar homoerotic obsession with certain users.
My posts are not worthy of having a fan club.
Re: (Score:2)
Is that a good reason though? Why do you care if someone is obsessed with your pseudonym? Personally I pride myself on how many people I cause mental anguish on a daily basis. :-)
My Ideal Setup (Score:5, Informative)
Yes, this is far beyond normal but if I want to be neurotic then just let me.
Re: (Score:3)
hate the idea that every service I use could be accessed if someone has my device
Then use a PassKey authenticator that requires a PIN or biometric entry to use the key. For example a Passkey stored on a Yubikey with a strong PIN set. Or a Passkey stored on a TPM configured to require entry of the PIN each time the credential will be used. Many users would disable the separate PIN requirement, or choose a solution that does not require one for their own convenience purposes, But you don't have
Re: (Score:1)
Re: (Score:2)
what the fuck is a "strong" PIN? the new vocabulary people come up with to shit on passwords is so weird.
The idea of something being "strong" is that it is complex e.g. in length and in information entropy. This isn't new vocabulary. This is vocabulary we have used since the dawn of cryptography.
If you are using 4 digit PIN limited to the numbers 0-9, that's your own fault, and is not a strong PIN.
Nobody understand what this is (Score:2, Insightful)
Re: (Score:3)
This is how I've come to understand it. I welcome any and all corrections.
Passkeys are a cryptographic key stored in a Secure Element. This is usually a private key inside a small cryptographic engine. You feed it some plaintext along with the key ID, and it encrypts it using that key. The outer software then decrypts the ciphertext using the public key. If the decrypted text matches the original plaintext, then that proves you're holding a valid private key, and authentication proceeds.
The private
Re: (Score:2)
Passkeys are SSH keys but for the web browser. Seriously, it's the same tech.
Good news for the old people still using Facebook (Score:3)
I guess they can be safe and secure while they view their ai-generated bacon jesus memes.
About time... (Score:3)
While there is the question of whether one *should* be using Facebook, it is long overdue for Facebook to allow passkeys if you choose to do so. Glad to see they got with the program.
I am still waiting for my bank to support passkeys for those of us not at some level of extreme premium service (where they do support it).