Not really, right now as the password resets all undermine passkeys for many sites. One day if/when passwords get replaced then there will be a need, but that is a long way off probably. A good random password along with any 2FA is really good enough for most cases, and Bitwarden already does that very well along with even random e-mail addresses.
It's not a race and I would not even start to use passkeys until I know they can move with me across devices and OSs. Also, most sites that do offer passkeys still offer highly insecure password resets, which really undermines the security that passkeys should offer. I waited a long time for Bitwarden to start with passkeys, and they were going to be the answer to fully portable passkeys (I've been waiting so that I know my passkeys will work across all my devices and OSs). Now I'm waiting for mobile implementation before I can get going. I do hope they will also be offering exporting of passkeys, like you can currently export your passwords to other services.
Ah thanks for explaining that. It just makes it then difficult to fully move to passkeys with Bitwarden, which is why I've been waiting so long, and why I never stayed using Google or Apple's passkeys.
There is a difference but right now as long as one uses a good password with a 2FA it is probably good enough. Too many services with passkeys are still quickly offering password resets via e-mail or text, so they, as sites, are not secure. And unless you can move your passkeys with you, like you can with passwords, you don't want to get locked into a single device or OS.
Firstly, the point was made that the passkey functionality in Proton Pass is free (no account needed or "selling") and that is for unlimited logins. Anyone can just use it. I pay for, and am still using Bitwarden. I posted about this because it is interesting that Pass has implemented passkeys for mobile, while I still wait for Bitwarden, so I'm interested in testing this out with Proton Pass. I post about all sorts of things that I find interesting, and sometimes I do switch my services across if I find it can match or better what I already use. That's the bottom line.
I was just as interested when I was considering moving from LastPass to Bitwarden, but then I was accused of "selling" free Bitwarden to people. Everyone must make up their own minds as their circumstances are different. But if no-one posted about what they found interesting, we'd have no Lemmy, and we'd all forever just stay stuck on whatever we personally know. Certainly Bitwarden and Proton Pass are not the only good password managers out there, but this week I was interested to see an article about Proton Pass, and I had not even known they'd rolled out passkeys yet. It seems like quite a few others did not either.
I'm sure others also post about what new stuff 1Password has just rolled out, and I'd be interested to hear about that too. That is how I decide whether I want to try something better.
If I wanted to try to sell something, I'm sure Proton Pass probably has some loyalty link for paid accounts, but no, you did not see me sharing anything like that. I mentioned the access was free.
Google's own one may be, and that is their right, but it is an open standard so anyone can produce their own RCS app like Samsung has done, and the same way Apple is building support into their existing app. Nothing should stop a 3rd party developer looking at the standard, and producing an open source RCS app?
The GSMA does need to work harder at ensuring true interoperability between carriers, esp for E2EE. I'm expecting that the Google "monopoly" will get broken up at some point. I would have hoped that Apple insisted on hosting their own RCS (standards compliant) server.
Vulnerabilities on the client end are the only way right now for most state actors to gain access to messaging. So yes, various actors are already exploiting that as they have a lot at stake to gain access. But with others already able to exploit that, why would Proton want to do that? Their model is not about advertising or selling data, and they have 100 million paying customers as I understand it. The ones that have been spying and exploiting have been the likes of Meta's Facebook with their app present on the client device, and then trying to break Snapchat's encryption (this came out in March 2024). Anyone "can" but we need to also consider "why" and what business model they have.
Not the only one, Samsung also has their Messages app with RCS built in, and Apple is adding it soon. The one-to-one messages are E2EE, and I understand groups are/were to be E2EE. We should be seeing more apps building it in as I've been asking Truecaller to do, as I have to pay for every SMS in Truecaller.
It is not zero encryption, like SMS, though? All GSMA-compliant RCS implementations must use TLS to encrypt data transfer between your device and the carrier's server. While recommended by GSMA, E2EE is an optional feature that carriers can choose to implement or not. So carriers can implement it. I'm pretty sure that as adoption goes mainstream, a "monopoly" on the server side is going to get broken up.
@danie10@lemmy.ml