← Back to context

Comment by UltraSane

4 months ago

They aren't that much more secure than a random 256 bit unique password for every site stored in a secure password manager. They are designed to raise the security for the average user, not the most security conscious.

https://www.computest.nl/en/knowledge-platform/blog/advantag...

3 comments

UltraSane

Reply
tekknik  4 months ago

This is a weird take. The passkey can be up to 1400 bits in length which makes it significantly more difficult to brute force than a 256 bit password. Not to mention some sites won’t even let you type in a password that long, and then ofc rainbow tables.

Passkeys are significantly more secure for everybody.

  • UltraSane  4 months ago

    a truly random 256 bit password would require more energy to brute force than the sun will emit during its entire lifetime. a 1400 bit long random password is not any more secure in practice.

    Passkeys are normally 256 bit ECC keys.

    • tekknik  4 months ago

      You’re totally right, more bits doesn’t mean more security. /s

      I seriously hope you don’t work in any security field.