Yes, passkeys are public private keys, so a site only ever sees your public key. Your device does the match with the private key. So in that way, no-one can hack the service site and steal your password. But your private key on your device has to stay very private, and should be synced to another device, because if you lose your private key then essentially you can't login in. If a site offers a backup "password reset via e-mail" then they have rubbish security anyway.
danie10
joined 3 years ago
I use passkeys for some sites, but have been reluctant to go all in until I'm sure all my devices can support them. I'm not always going to have my desktop with me, and likewise my phone's battery can be flat, etc. I've always wanted passkeys to first sync across all my devices, and ideally to be exportable and brought into a different service. Right now you can export your 900+ passwords, and import them into a different service if you want to move. You can't do that with Apple or Google passkeys.
True, and the reverse is also true when a product is bad. I blog usually about what I'm interested in testing out, and when I see if may be worth me moving to a different service.
RCS should not really be a proprietary app in the sense of a 3rd part installable app. It is normally carrier provided just like SMS works. On Apple the default SMS/Messenger is Apple's Messages app. On Pixel that is Google Messages and on Samsung phones they have their own one. It has a carrier hook and is apparently tied to the number.
Thanks I did not know that. I see they say share via the vault, but don't specifically mention exporting, as in to a file for importing elsewhere outside 1Password. But certainly LastPass, Bitwarden and others I'd looked at were not exporting the passkeys.
RCS is carrier based though, which is why the carriers had to buy into it, and they turn it on, not Google. Many in 3rd World countries don't have e-mail. Many legal notices are today still sent out by text SMS. I get them all the time for bank transactions, government notices, etc. Actually, Samsung's Message app also supports RCS, and this is what Apple is building into their Apple Messages app too.
They do accept Tor connections though... But I think you have the facts wrong about that access to data unless you have a credible source you can share: They are legally obligated to comply with lawful requests from Swiss authorities if they meet specific criteria (just like every other country except the USA where law enforcement [used?] could just request access. In a US case involving threats against immunologist Anthony Fauci, ProtonMail confirmed they received a legal request from Swiss authorities. However, due to end-to-end encryption, they could only provide the date the account was created, not the content of emails.
Well German is EU, whilst Swiss is Swiss. But either ways, their requirements are way higher than US law for access to any records or metadata. The other thing is, if you live outside of Switzerland, your own government has to arrange legal access via two countries' jurisdictions. And of course too for the USA, neither the Swiss or the Germans are allowed to just sell off data to data brokers.
Just like the Bitwarden app on Android, the Proton Pass one sits in the background to help with auto-fill on any browser form, irrespective of which browser it is.
Remember, RCS is replacing text SMS and Text SMS has not only absolutely zero encryption of any sort, it also has copies retained by every mobile service provider in terms of their license T&C's. You need to see RCS as an upgrade of text SMS, and not really a replacement for WhatsApp (yet).
That would be the same data then as WhatsApp, Signal, etc. We pay 100's of percent more on SMS than data, so although there is a data charge, it is really little compared to SMS.
Yes, but as I said, as of yesterday still not implemented on mobile.