• 0 Posts
  • 4 Comments
Joined 3 years ago
cake
Cake day: July 3rd, 2023

help-circle


  • There is no full stop there… A password that is sufficiently long will never be cracked no matter the hashing algorithm in use. Passwords are easily transferrable and can be communicated to a third party in the event of an emergency. They also provide tunable security, where you can trade off security for convenience if you want.

    Some (not all, I know) passkeys are tied to a device. Stolen device means stolen passkey, and it’s potentially very difficult to recover from that. Passkeys are also locked to a certain standard, passwords have no such restrictions.

    Tbh I don’t understand the move for passkeys replacing passwords. They should become the second factor when a user wants additional security. They’re perfect for that niche.


  • qqq@lemmy.world
    cake
    toSelfhosted@lemmy.worldDedicated service user or not ?
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    Woah, no. Sure escaping via a kernel bug or some issue in the container runtime is unexpected, but I “escape” containers all the time in my job because of configuration issues, poorly considered bind mounts, or the “contained” service itself ends up being designed to manage some things outside of the container.

    Might be valid to not consider it with the services you run, but that reasoning is very wrong.