this post was submitted on 16 Oct 2024
271 points (86.3% liked)

Technology

59589 readers
2838 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] infeeeee@lemm.ee 28 points 1 month ago (4 children)

There was a related news recently, that bitwarden and other pw managers will be able to sync passkeys between devices. Won't that solve these issues?

[–] uiiiq@lemm.ee 32 points 1 month ago (2 children)

My thoughts exactly. I use Bitwarden and passkeys sync flawlessly between my devices. Password managers tied to a a device or ecosystem are stupid and people shouldn’t use them. This is true whether you use passwords or passkeys.

That said, we cannot blame users for bad UX that some platforms and some devs provide.

[–] Tetsuo@jlai.lu 4 points 1 month ago (2 children)

Isn't your password manager tied to an ecosystem with Bitwarden ?

I'm surprised people trust third parties to hold their passwords.

Wasn't there multiple password managers that got powned over the years ?

If you can sync Passwords you are also more exposed than some unhandy secure local password storage.

[–] 4am@lemm.ee 7 points 1 month ago

Wasn't there multiple password managers that got powned over the years ?

Pretty much only LastPass

[–] uiiiq@lemm.ee 4 points 1 month ago

I can use bitwarden on Windows, Linux, Mac, iOS, Android, on desktop app or using CLI. That’s a stark difference in comparison with built in Microsoft or Apple keychains. And yes, I trust Bitwarden.

[–] iopq@lemmy.world -3 points 1 month ago (3 children)

Bitwarden is not usable on Linux desktop, keeps asking for password. The password can't be too short, so it takes some time to type it in. I turn off my computer when it's not needed, so I would just need to type in the password when I turn it on again.

Anyone have a better solution?

[–] knova@infosec.pub 10 points 1 month ago (1 children)

Is “keeps asking for the password” the definition of “unusable on Linux”?

I have zero issue using this on Linux fwiw; yes, I am asked for password again on BW when I reboot/start my system. That is not inconvenient to me.

[–] iopq@lemmy.world 1 points 1 month ago

Yes, because it doesn't have biometric support on Linux

[–] unskilled5117@feddit.org 9 points 1 month ago (1 children)

You could use your

to unlock the app instead of the password

[–] iopq@lemmy.world 1 points 1 month ago (1 children)

The fingerprint doesn't work on Linux last time I tried

[–] unskilled5117@feddit.org 3 points 1 month ago

I think its a recent addition (08/2024) on Linux.

Add support for biometric unlock on Linux

[–] rolling_resistance@lemmy.world 2 points 1 month ago

A better solution is to disable vault lock. It is very much usable (mostly talking about browser extension).

[–] hummingbird@lemmy.world 14 points 1 month ago* (last edited 1 month ago)

Not in all situations. And in a way a user will not be aware of. The service or website can define what type of passkey is allowed (based in attestation). You may not be able to acutally use your "movable" keys because someone else decided so. You will not notice this until you actually face such a service. And when that happens, you can be sure that the average user will not understand what ia going on. Not all passkeys are equal, but that fact is hidden from the user.

[–] exu@feditown.com 3 points 1 month ago

I remain hopeful. Initially, when Keypass wanted to include a simple export option there was talk of banning them from using Passkeys.

[–] rolling_resistance@lemmy.world 1 points 1 month ago (3 children)

It does*.

However when I'm trying to login with a passkey in my mobile browser, Bitwarden prompt isn't showing up. I don't know what's wrong.

[–] JohnWorks@sh.itjust.works 3 points 1 month ago (1 children)

If you're using Android it's more than likely just an OS issue. I have had a lot of issues on my phone trying to use passkeys let alone just the password manager.

[–] mysticalone@lemmy.world 1 points 1 month ago

One of many reasons I hate android. In my experience the integration with technology: late and poorly polished, early and kneecapped, initially available then removed, or non-existent.

I think its partly the fragmentation in the Android community and mostly Google's influence.

[–] 4am@lemm.ee 1 points 1 month ago (1 children)

That’s weird, it works for me. Is there something you need to click on the mobile site?

[–] rolling_resistance@lemmy.world 1 points 1 month ago

What's your browser-Bitwarden setup?

The same flow works for me on desktop (firefox+bw plugin).

[–] snowsuit2654@lemmy.blahaj.zone 1 points 1 month ago (1 children)

I've found on my android phone that the bitwarden prompt comes up more reliably if I tap on the password field instead of the username field.

[–] rolling_resistance@lemmy.world 1 points 1 month ago

This might be true, but I'm talking about passkeys, that never work :(