Passkeys are an easy and secure alternative to traditional passwords that can help prevent phishing attacks and make your online experience smoother and safer.

Unfortunately, Big Tech’s rollout of this technology prioritized using passkeys to lock people into their walled gardens over providing universal security for everyone (you have to use their platform, which often does not work across all platforms). And many password managers only support passkeys on specific platforms or provide them with paid plans, meaning you only get to reap passkeys’ security benefits if you can afford them.

They’ve reimagined passkeys, helping them reach their full potential as free, universal, and open-source tech. They have made online privacy and security accessible to everyone, regardless of what device you use or your ability to pay.

I’m still a paying customer of Bitwarden as Proton Pass was up to now still not doing everything, but this may make me re-evaluate using Proton Pass as I’m also a paying customer of Proton Pass. It certainly looks like Proton Pass is advancing at quite a pace, and Proton has already built up a good reputation for private e-mail and an excellent VPN client.

Proton is also the ONLY passkey provider that I’ve seen allowing you to store, share, and export passkeys just like you can with passwords!

See https://proton.me/blog/proton-pass-passkeys

#technology #passkeys #security #ProtonPass #opensource

  • HACKthePRISONS@kolektiva.social
    link
    fedilink
    arrow-up
    1
    ·
    8 months ago

    I don’t trust them because they don’t use established security practices and their interfaces abstract away the internals and they have complied with law enforcement and admitted they could compromise contents(not just metadata) and they don’t accept anonymous payment.

    • GadgeteerZAOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      8 months ago

      They do accept Tor connections though… But I think you have the facts wrong about that access to data unless you have a credible source you can share: They are legally obligated to comply with lawful requests from Swiss authorities if they meet specific criteria (just like every other country except the USA where law enforcement [used?] could just request access. In a US case involving threats against immunologist Anthony Fauci, ProtonMail confirmed they received a legal request from Swiss authorities. However, due to end-to-end encryption, they could only provide the date the account was created, not the content of emails.

      • HACKthePRISONS@kolektiva.social
        link
        fedilink
        arrow-up
        1
        ·
        8 months ago

        they could ship malicious js to their frontend that would give them access to the unencrypted session. you are going on faith every time you load the interface.

        • GadgeteerZAOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          8 months ago

          Vulnerabilities on the client end are the only way right now for most state actors to gain access to messaging. So yes, various actors are already exploiting that as they have a lot at stake to gain access. But with others already able to exploit that, why would Proton want to do that? Their model is not about advertising or selling data, and they have 100 million paying customers as I understand it. The one’s that have been spying and exploiting have been the likes of Meta’s Facebook with their app present on the client device, and then trying to break Snapchat’s encryption this was (this came out in March 2024). Anyone “can” but we need to also consider “why” and what business model they have.