How do you secure your online identity?

What methods of online authentication do you use?

  • TOTP stored on a single device (eg. MS/Google Authenticator)

    Votes: 0 0.0%
  • Third-party Sign in with OAuth (eg. Sign In to third party site with Google/Facebook)

    Votes: 0 0.0%
  • Out of band password via SMS

    Votes: 0 0.0%
  • Passkeys on a hardware device (eg. Yubikey)

    Votes: 0 0.0%
  • Passkeys with a third party (eg. Google account)

    Votes: 0 0.0%
  • Passkeys stored on a single device

    Votes: 0 0.0%
  • All of the above

    Votes: 0 0.0%

  • Total voters
    8
Just what I want, Micro$oft harvesting my biological data, too! I really need to get on switching my Desktop to Linux Mint (already got the laptop done).
Using passkey gives up no more personal information than a username/password. Moving to linux is good for all sorts of reasons though.

The comment "Passkeys, which involve the use of biometric identification like a fingerprint or face scan, PIN, and the like" is really odd, I though about commenting on it above. There is nothing biometric about passkeys. Passkeys is a communication standard not a software standard. It is integrated quite well into the hardware devices that really provide multi-factor authentication, some of which have biometric identification, and that is acknowledged in the FIDO Passkey standard, and these devices can have prior attestation through that standard, but it is not required.

I have not used Windows for some years, but I think the OS developers have a big role to play in this. Something like KeePassXC should be built into the OS and passed seamlessly through the browser. As some said in the other thread, there is a adoption cost in terms of time and effort to use passkeys, and it should be easier. If Windows is moving in that direction it could be a good thing, but I do not hear all the Windows users telling me how easy passkeys are to use on that so I am not sure they are doing a very good job. I am not in a good position to say however, has anyone here tried to get passkeys working with a Windows 11 box? Have they made it easier?
 
Last edited:
Using passkey gives up no more personal information than a username/password. Moving to linux is good for all sorts of reasons though.

The comment "Passkeys, which involve the use of biometric identification like a fingerprint or face scan, PIN, and the like" is really odd, I though about commenting on it above. There is nothing biometric about passkeys. Passkeys is a communication standard not a software standard. It is integrated quite well into the hardware devices that really provide multi-factor authentication, some of which have biometric identification, and that is acknowledged in the FIDO Passkey standard, and these devices can have prior attestation through that standard, but it is not required.
Yes, the way it's written makes it seem like MS is going to require biometrics.
 
I just came across this on the Google Winevine spyware page, and I think it is interesting that they use PGP so much. I am an advocate, and I thing financial organisations share a lot of blame for scams because of their lack of adoption of such tools.

Using PGP/GPG keys
Widevine requires every device manufacturer to supply a single public PGP/GPG key to be used to secure keybox transfers.

Widevine PGP Key for Device Credentials
All keybox files are PGP-encrypted with your PGP key and Widevine’s PGP key. If required, you may import the Widevine public PGP key below.

Widevine PGP Key for Engineering and Bugs
Use this PGP key to secure information for bug submission or engineering discussions.
 
I've heard one youtuber say just keep all your passwords on MS Notepad (!) and copy and paste in, but that sounds unreliable to me.
Yeah, seems like a recipe for trouble.
 
Back
Top Bottom