Passkeys are an easy and secure alternative to traditional passwords that can help prevent phishing attacks and make your online experience smoother and safer.

Unfortunately, Big Tech’s rollout of this technology prioritized using passkeys to lock people into their walled gardens over providing universal security for everyone (you have to use their platform, which often does not work across all platforms). And many password managers only support passkeys on specific platforms or provide them with paid plans, meaning you only get to reap passkeys’ security benefits if you can afford them.

They’ve reimagined passkeys, helping them reach their full potential as free, universal, and open-source tech. They have made online privacy and security accessible to everyone, regardless of what device you use or your ability to pay.

I’m still a paying customer of Bitwarden as Proton Pass was up to now still not doing everything, but this may make me re-evaluate using Proton Pass as I’m also a paying customer of Proton Pass. It certainly looks like Proton Pass is advancing at quite a pace, and Proton has already built up a good reputation for private e-mail and an excellent VPN client.

Proton is also the ONLY passkey provider that I’ve seen allowing you to store, share, and export passkeys just like you can with passwords!

See https://proton.me/blog/proton-pass-passkeys

#technology #passkeys #security #ProtonPass #opensource

  • GadgeteerZAOP
    link
    fedilink
    English
    arrow-up
    9
    arrow-down
    1
    ·
    8 months ago

    Well, at least say WHY? We know we can’t trust Apple (because of the recent backdoor that had to be closed down), Facebook because of the Cambridge Analytica scandal, Microsoft because the NSA were given first access to vulnerabilities before patching), the NSA because of the CLOUD Act), etc as these are all documented, analysed and reported on. Your comment really adds zero value to the debate. Proton is under Swiss law for a start, which has a way higher barrier to entry for law enhancement to get any access to metadata. In the USA the law enforcement just buys that data from data brokers. Proton is not in the business of advertising.

    • HACKthePRISONS@kolektiva.social
      link
      fedilink
      arrow-up
      1
      ·
      8 months ago

      I don’t trust them because they don’t use established security practices and their interfaces abstract away the internals and they have complied with law enforcement and admitted they could compromise contents(not just metadata) and they don’t accept anonymous payment.

      • GadgeteerZAOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        8 months ago

        They do accept Tor connections though… But I think you have the facts wrong about that access to data unless you have a credible source you can share: They are legally obligated to comply with lawful requests from Swiss authorities if they meet specific criteria (just like every other country except the USA where law enforcement [used?] could just request access. In a US case involving threats against immunologist Anthony Fauci, ProtonMail confirmed they received a legal request from Swiss authorities. However, due to end-to-end encryption, they could only provide the date the account was created, not the content of emails.

        • HACKthePRISONS@kolektiva.social
          link
          fedilink
          arrow-up
          1
          ·
          8 months ago

          they could ship malicious js to their frontend that would give them access to the unencrypted session. you are going on faith every time you load the interface.

          • GadgeteerZAOP
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            8 months ago

            Vulnerabilities on the client end are the only way right now for most state actors to gain access to messaging. So yes, various actors are already exploiting that as they have a lot at stake to gain access. But with others already able to exploit that, why would Proton want to do that? Their model is not about advertising or selling data, and they have 100 million paying customers as I understand it. The one’s that have been spying and exploiting have been the likes of Meta’s Facebook with their app present on the client device, and then trying to break Snapchat’s encryption this was (this came out in March 2024). Anyone “can” but we need to also consider “why” and what business model they have.

    • dukatos@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      8 months ago

      Just be carefull with “Swiss laws” defense. The laws are for Swiss citizens only. The same applies to “German privacy” laws.

      • GadgeteerZAOP
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        8 months ago

        Well German is EU, whilst Swiss is Swiss. But either ways, their requirements are way higher than US law for access to any records or metadata. The other thing is, if you live outside of Switzerland, your own government has to arrange legal access via two countries’ jurisdictions. And of course too for the USA, neither the Swiss or the Germans are allowed to just sell off data to data brokers.