I blog about #technology #gadgets #opensource #FOSS #greentech #traditionalwetshaving #LCHF #health #alternativeto #hamradio (ZS1OSS) #southafrica - see https://gadgeteer.co.za/blog. I also blog to various other social networks which I list at https://gadgeteer.co.za/social-networks-i-post-to.
It does seem to have innovated quite quickly. I’m still using Bitwarden as I have the paid access to biometrics etc, and it has a nice tweak also to add unique e-mails for every login, etc. But I’m interested to see where Proton Pass will be in another few months, seeing I’m already paying for their service, and maybe I can consolidate my expenses a bit. I actually got drawn into paid Proton by leaving ExpressVPN, which I needed for Netflix, and then found Proton (with one or two others) were the only one’s handling Netflix’s geofencing quite well. Looking at options is always good.
Not really, right now as the password resets all undermine passkeys for many sites. One day if/when passwords get replaced then there will be a need, but that is a long way off probably. A good random password along with any 2FA is really good enough for most cases, and Bitwarden already does that very well along with even random e-mail addresses.
There is a difference but right now as long as one uses a good password with a 2FA it is probably good enough. Too many services with passkeys are still quickly offering password resets via e-mail or text, so they, as sites, are not secure. And unless you can move your passkeys with you, like you can with passwords, you don’t want to get locked into a single device or OS.
Yes, passkeys are public private keys, so a site only ever sees your public key. Your device does the match with the private key. So in that way, no-one can hack the service site and steal your password. But your private key on your device has to stay very private, and should be synced to another device, because if you lose your private key then essentially you can’t login in. If a site offers a backup “password reset via e-mail” then they have rubbish security anyway.
I use passkeys for some sites, but have been reluctant to go all in until I’m sure all my devices can support them. I’m not always going to have my desktop with me, and likewise my phone’s battery can be flat, etc. I’ve always wanted passkeys to first sync across all my devices, and ideally to be exportable and brought into a different service. Right now you can export your 900+ passwords, and import them into a different service if you want to move. You can’t do that with Apple or Google passkeys.
The point of the post was that Proton Pass is beating Bitwarden right now to having passkeys for mobile (Bitwarden has still not released that), and Proton Pass can actually export passkeys which Bitwarden does not do, so they are improving. I would not say though they are better all round than Bitwarden. I pay for both but am still evaluating the rest of Proton Pass vs Bitwarden especially around tweaks in options. But Proton is showing some innovation and momentum, while Bitwarden is slowing a bit. For those already using Proton they will likely find Proton Pass good enough to use right now.
Not as simple as that as many did ditch WahtsApp for Meta’s documented privacy violations, and their ongoing T&C which passes the WhatsApp metadata upstream to Meta and others. A lot of people also only use one messenger, and right now nothing connects them together yet. So I have masses of family and friends that only use WhatsApp, and I now only have SMS contact with them. About 8% to 10% do have multiple messengers so I see some on Signal and Telegram.
The last thing the world needs, is for WhatsApp to become the default dominant standard. That is a company that can be least trusted out of everyone worldwide, based on their history. With the app installed, the metadata includes constant location, usage, contacts, messages to who, etc.