• 1 Post
  • 39 Comments
Joined 1 year ago
cake
Cake day: June 27th, 2023

help-circle












  • Although I agree with you, I don’t think that’s what OP was asking about based on this part:

    I’m just thinking that if a hacker got access to one email they’d have all account information?

    It seems they are asking if an separate email account for each service would be beneficial. My opinion is it would limit the attack if an email account was hacked, but definitely not worth the hassle. Email aliasing (like the comment above me says) gives you some of the benefits without needing to juggle multiple accounts.



  • For sure, but that still isn’t a passkey. The method you are talking about is the equivalent of non-passphrase protected SSH protocol, which is a single form of authentication (i.e. if someone has your security key they have your account).

    The term passkey implies MFA: having a physical key and a password, a physical key and a fingerprint scan, or equivalent.

    Sure the username could be considered the password, but usernames are not designed to be protected the same way. For example, they typically are stored in clear text in a services database, so one databreach and it’s over.