They’re taking 2 months of wages forcibly by holding him!

I prefer algae… much more space in the ocean…

You realize there’s a reason they give you antibiotics after surgeries right? It’s PRECISELY because of infection vectors like that during the surgery.

And during anti-cheat outages… Turns out the games play fine with proton.

Wireless defines how you access the point… Not that the access point itself is wireless.

A switch is technically a “standard” access point (or just ports in the wall connected back to the switch).

We use “Wireless” access point to denote access to the network without physical connections.

WAPs can connect to the network via wired or wireless means. Where most people will reference “WAP” as a wired (wired uplink) connected wireless access point… and Mesh (Wireless uplink) WAPs as wireless connected wireless access points.

The transfer speed of WiFi 7 is just over Thunderbolt 3.

This is so wrong that it’s absurd it’s been here for 3 hours and nobody has called it out. The claim is “more than 40Gbps” (I believe 46Gbps is the number floating around) for wifi7. This will likely require 8x8 at 320MHz or even possibly 16x16 ( I don’t remember if this was floated as an idea or not) which would require more or less the entire frequency range. Fine… But that’s 46Gbps aggregate, meaning for up and down speeds. The split would then be 23/23 gbps, this is paper best case.

The reality is that you’re going to lose about 50% of that off the top because wireless always does. So 12/12 if you’re lucky.

What speeds does Thunderbolt 3 support? 40/40… 80gbps aggregate on paper. 22/22 in practice for a data-only channel (other modes can still access 40/22 quite readily). It’s not even close.

the difference between 5Ghz (5150-5895) and 6Ghz (5925-7125) is not really sufficient to blame for most home uses. It’s expected as a rule to lose about 10-20% more power than 5Ghz through walls (where 5Ghz lost 100% more power than 2.4 Ghz does). It’s much more likely that your new WAP just does less power or worse antenna than the old one did.

That fact that there are flaws in the TLS/SSL implementation of public key authentication does not equate to those flaws being present in the Passkey implementation of public key authentication.

So the fact that LITERALLY EVERY public key auth up to this point in history except for a very very limited few has been broken/updated isn’t a sign to you? Why are you so willfully ignorant here? NO encryption method is perfect… NO Authentication method is perfect.

TLS/SSL is one implementation of public key authentication.

Good thing everything I’ve talked about has been about Public Key Authentication and the traits that those have! Almost like being such a thing would have common traits between them that would not change!

Passwords MUST be transmitted to the service in a form that the server accepts as valid

Just like the challenge/response must be transmitted in a way that the server accepts it as a valid answer… Platitudes like this mean nothing and show that you do not understand any of the fundamentals happening here. Public Key Encryption is fundamentally 2 entangled passwords and a challenge (random generated known) on session start. There’s 0 reason that the passwords couldn’t just be an actual password for the private side, and the hash the public key. You need to read up on implementation of these things.

A passkey is never transmitted and thus cannot be stolen from that transmission. They are not dependent on the security of a known to be flawed network protocol.

I literally said this so many time already it’s getting sad that you are arguing so disingenuously. You don’t HAVE to transport the password at all in password-based authentication. You can transport a hash(password+challenge) just like what passkeys would be doing.

I’m actually doing the opposite: Compairing the best password implementations with the worst passkey implementations. (regarding how the service implements auth, not how the user manages their auth info. Ie; what the user has no control over)

No you’re not, and now I’m walking away from this discussion. I can’t have discussions with people who outright lie.

The best password implementations would do what I’ve outlined several times now… The worst passkey implementation could simply challenge with the same or no value at all which would allow replay (gasp! like bad implementations of passwords! almost like they are basically the same!). Like YOU admitted, you can’t control the site implementation. I’ve said it repeatedly that the best possible passkey implementation is WORSE than the best possible Password implementation. However, the worst passkey implementation is likely better than that worse password implementation. Kneecapping those of us who actually implement properly… That’s dirty.

I’m also not going to discuss the merits of someone elses talking points. I didn’t even open that link.

And you’ve outlined none of your own. What productive communication this has been. It’s literally the same parroted talking lines that every fucking one of you “passkey” fanboys spout without any functional knowledge of what happening.

Go look at how all Public Key Encryption works. TLS is sufficient to understand it. https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/

Nothing stops step 4 from being the hash of a password, step 5 being you applying your password. Literally nothing. Passkeys are not significantly different than passwords from a best implementation standpoint, and actually introduce a number of problems that passwords do not have. It’s all about implementation and everyone who is lazy in implementing strong password authentication code WILL be lazy implementing PassKeys.

Others don’t care to go into that kind of detail and just stick with google/apple. To each their own.

Yeah you’ve already admitted that phone user’s don’t have a choice… and the vast majority of people’s only significant interaction with the internet in a day is their phone. So where’s the options for those people? Right… I’ve asked that like 3 times now and you’ve failed to answer.

A new tech has not yet been adopted everywhere yet so we should abandon it entirely? That’s quite the take.

No, it offers nothing that cannot be done with current implementations of passwords/password managers. That’s the take. You’re just obtuse and unable to answer how your precious passkeys is actually better in any form.

Again: no, this is not an implementation of TLS/SSL.

It’s literally what it is… It’s what industry experts directly call it. Public/Private keys… That’s all this is… that’s literally how TLS/SSL works.

I’ve said their transmission -at all- is a bad thing (which they have to be to be used)

They don’t… because well implemented passwords should only send hashes… Which we’ve already established that passkey implementation is also problematic. You can’t compare the worst implementation of passwords to best implementation of passkeys. That is disingenuous. Nothing about passkeys forces a website to implement things “properly”, just like they don’t have to for passwords.

A random example: If I login to twitter with a password using a work computer, that password is more than likely now sitting in a log file on the corporate firewall that performs https inspection. That could be used to gain access to my account later.

Doesn’t stop MitM, doesn’t stop corporate firewall from capturing the session cookie and utilizing that to replay access to your account. Assumes that the challenge and response are implemented so that it’s not guessable nor repeated… Keep in mind, we can hash/salt passwords in a multitude of ways, which can be used to vary the “response” of a password as well.

How I got the passkey onto a work computer is separate discussion, point is the example of collecting your password via a malicious network connection.

But it’s not. If I want to login on a work computer with a password. I can just type the damn thing in. Passkeys are simply LESS mobile… and carry more risk as you’re now authorizing a specific machine to have permissions indefinitely rather than having sessions that defacto expire and that’s it.

But let’s actually reign this in a bit… What are the actual beneficial claims here?

Do you agree that something like https://b-compservices.com/switching-from-passwords-to-passkeys/ encompasses all of it?

It’s a bit more tricky to attack than a password

Can accomplish the same thing with passwords that they claim passkey can do. Whether someone implements it that way is a different problem. But it’s possible.

Improves cybersecurity strategy

Also makes it significantly harder for companies to support users. I cannot set a passkey to a known value to let someone into their account after they lock themselves out (likely forgetting their own password).

Smooth user experience

I’ve had this with password managers for a decade… if not longer at this point. And it works on all my devices, so it’s even more smooth!

Every passkey is strong by default

See above…

Future-proof

Anyone who says this in the context of computer security is lying from the get-go.

Convenient to use

Same as “Smooth user experience”.

Lower long-term costs

Their logic here is moronic. “This includes the time IT spends dealing with the constantly changing legal requirements for password storage and password resets.” Except now people will just be locked out and fucked completely. Unless they happen to use a flawed passkey implementation that allows them to recover their shit no?

When you don’t put any thought into what you’re using and just stick with the defaults you’re given; you’re obviously not going to have an optimal experience. Hence: Do better.

And yet here we are… you can’t use it the way you want even if you wanted to. And have no guarantee that that functionality will ever be supported on your platform. Yet you’re saying “do better” when better literally cannot be done.

via a public chain of trust

You do not understand TLS/SSL then. Public chain of trust is not a requirement. You can import and trust whatever cert you want. And there’s been a history of attacks SPECIFICALLY doing that.

This is then also wrapped in TLS/SSL as an additional layer.

Which password auth is at this point on the internet as well… yet in previous posts you made it out like passwords are sent over the clear and are sniffable by the whole world.

All of these points only apply if you don’t pick a decent password/passkey manager and just stick with whatever google/apple gives you.

Oh yeah? So on Android… How do you get your password manager to work for your passkey storage? Because all I see on android is NFC, USB, and “This device” (which is literally google storage, not your own app). So how do you login to any apps that you’re using passkeys on your phone?

Do better.

LMFAO, you’ve addressed basically nothing and assume that your answers are sufficient you can fuck right off.

Edit: This is effectively SSL/TLS… Right? So there’s never been a successful attack on that right? Boy do I have a bridge to sell you.

It can still be stolen during transit, directly from the user, or from poorly implemented processing/storage practices on part of the service which you have no control over and no ability to audit.

All of the same concerns exist with passkeys. Worse though is that with passkeys you cannot audit yourself them at all, they’re locked away and have no ability to be viewed at all. You actually can’t tell if the passkey you “Deleted” was actually removed… Nor if a new one that you create to take it’s place is actually different than that one you just “deleted”.

Passkeys guarantee to reduce this to a single possible target of theft: The users device.

Which you as a user, if you implement password properly (one unique password per service) also have the same quality. Except you don’t have to rely on now a single possible target! If you steal my device, you have no hope of getting access to my accounts. Period.

You as a user have no control or even insight into how a service implements password based auth.

You don’t have any control over passkeys either…

All you can do is use a unique complex password and hope they do the right things to keep it secure.

Same as passkeys. Except now your hope is that your system AND their system keeps the passkeys properly secure.

Just by using a passkey though, you can know for sure that you are in control of it being kept secure as it never leaves your possession.

You actually have no idea about this… since different standards can exist at the browser or implementation level that can do whatever they want with the keys. Case and point is that Apple allows you to migrate your passkeys through iCloud. Either they’re using your private to authorize a new private key, or they’re actually physically moving your private key to a new device. In either case, that already disproves that “it never leaves your possession” since a cloud service can move it for you.

Passkeys are better than passwords as they cannot be stolen from the service you are logging into

A well implemented password also cannot be stolen. Only a hash of that password. Which would be equivalent to the public key, since it’s derived from the private key of the passkey. Much like the hash of a password is derived from the password.

biometric authentication

is bullshit. You must be able to revoke something in order for it to be effective as a password. Revoke your fingerprint… I’ll wait. Making it one factor is fine, making it the only factor is fucking moronic.

making them extremely difficult to access even with physical access to the device.

Which makes it the same “factor” as most MFA implementations. Something I have and something I have is not effective for adding security to something. Multi-factor isn’t having many of the same factor. It’s covering multiple factors.

Edit:

Google, Github, Nvidia, and Microsoft to name a few.

Google!!! the company that automatically creates passkeys without your authorization. BTW… my google account IS MFA configured… The Passkey login on my phone SKIPS Mfa… So your list is already dead with the biggest and first item on your list.

So a cease fire would only last as long as the next Hamas attack.

Which we’ve literally observed several times before where Israel will sign a cease fire and hours later Hamas will attack… A ceasefire at this point is just signing up Israel for extra deaths and saves no one else.

Edit: For you morons downvoting me. I suggest you actually do some searches on who ended each ceasefire on all previous signed ceasefires.

Passkeys are not better than a well implemented password. The fact that you cannot use 2fa on top of a passkey actually makes it a worse solution overall.

Passkeys raise the minimum… but at the same time lower the maximum security a user can choose to utilize. I will not personally accept any solution that lowers the maximum level of security I can have.

Well flat vehicle taxing based on weight, ICE engines are taxed additionally by tax on fuel. Not all taxation needs to/should happen in a single space.

Considering that the point of gas taxes ARE to obtain funding to repair roads… Transitioning to weight/travelled distance based registration taxes would mean that you want to double tax ICE vehicles to obtain those funds. That would be a bit silly to do…

People are not replacing their ICE SUVs with BEV sedans… And ICE sedan vs a BEV sedan is 30-100% heavier. I would presume the same would happen to SUVs as well. And sure enough we can look!

Volvo makes a car that’s effectively the same, but one electric and the other gas. The EX90 and the XC90

EX90 - 6213 lbs
XC90 - 4522 lbs.

Gee golly! Dead on what I stated.

Ford F150 lightning! ~6,500 lbs
F-150 XLT SuperCrew w/ 4wd? 4,705 lbs.

If this is such a concern, why isn’t the whistle also being blown about these vehicles?

Because we’ve been ignoring this problem for decades and nobody actually listens to people who talk about actual problems in this country. Also, because people like you don’t care to read articles like the one I linked above.

Increasing weight will be a multiplicative amount of damage that it does to the roads/bridges. A 30% increase in weight may be something like a 2-3x amount of wear that it causes on a road. It’s well known that trucks and SUVs do probably about double(if not more) the damage to roads as sedans (https://www.insidescience.org/news/how-much-damage-do-heavy-trucks-do-our-roads and https://www.profitgreenly.com/p/road-damage-fees-and-profit). Car companies aren’t going to tell you that this is happening… They would sell less cars then. Government has been telling you for decades… you ignore them now. Or worse, your local government doesn’t give a shit and spends the money like morons anyway.

I’ve been reading these articles for decades now… and every news org has covered it at some point probably many times over the years. examples:

https://www.cnbc.com/2022/03/17/why-us-bridges-are-in-such-bad-shape.html
https://www.cnbc.com/2019/03/29/thousands-of-us-bridges-in-poor-condition-as-pace-of-repair-slows-report.html

And I could find more… but google has become really bad over the years at finding “historic” web pages.

I think they’ll be just fine. 🤦🏻‍♂️

https://infrastructurereportcard.org/wp-content/uploads/2020/12/Bridges-2021.pdf

Currently, 42% of all bridges are at least 50 years old, and 46,154, or 7.5% of the nation’s bridges, are considered structurally deficient, meaning they are in “poor” condition.

We’re not doing good in maintaining them already… Now you want to increase weight load on all of them 30-100%…

Estimates show that we need to increase spending on bridge rehabilitation from $14.4 billion annually to $22.7 billion annually, or by 58%, if we are to improve the condition. At the current rate of investment, it will take until 2071 to make all of the repairs that are currently necessary, and the additional deterioration over the next 50 years will become overwhelming.

Our bridges are not in good shape in the USA.

But sure, let’s live in your delusion! That will only lead to success! Totally won’t lead to people dying avoidable deaths.

The US could compensate by people driving less of the unnecessarily large vehicles.

Yeah, that will never happen.

Make road taxes based on weight.

I’m 100% on board with this. But we’ll never see it happen. And regardless, in this context that means that ICE vehicles on average would be taxed less. Proves the point that there is an additional cost that people don’t actually ever acknowledge with BEVs.

to leave 2/3 of the batteries in my garage and only install them when I want to visit grandma it would be great and save a lot of weight.

Then you’d be paying much higher taxes for something you’re not actually leveraging. Normal people will basically never do this.

I’m sorry, where did I say anything akin to that? What a completely disingenuous way frame my point. I’m sorry that your beliefs are so fragile that you can’t actually participate in a reasoned discussion without acting like a fool.