Wreszcie #Google dodało obsługę Kluczy zamiast haseł - moja poczta jest bezpieczna! Do tej pory tylko Microsoft to miał (z używanych przeze mnie serwisów).
I nie chodzi mi o klucze bezpieczeństwa wpinane do USB czy działające po NFC, tylko o Klucze zapisywane w urządzeniu czy iCloud - teraz żeby się zalogować nie muszę nic wpisywać, tylko mogę zeskanować kod iPhonem (chyba że przeglądarka sama autoryzuje logowanie, gdyż też można w niej zapisać).
Zbliżamy się do ery bez haseł i ich menedżerów. Nareszcie. Oby wkrótce dodano to do innych serwisów, np. Mastodon.
BTW, I think the #Google security team is great. I know some of its members fairly well. It does world class work. But sometimes I believe they don't fully appreciate the totality of their decisions on ordinary, non-techie users.
Oh, and to be clear, I will not be enabling #Google passkeys on any of my devices at this time. I noticed that Google already created them automatically for two of my devices, but apparently they are unused unless I choose to enable passkeys on the account.
If you are using a built-in security key on a Pixelbook / Chromebook, you will be prompted today to "replace it" with a passkey. (You may get an email like the one shown.)
Until you generate a passkey, if you try to use the built-in security key as your second factor for Google itself, you will be repeatedly prompted to tap your power button, but the security key will not be accepted - cancel that and authenticate with another FIDO2 factor.
When you do create the passkey, that passkey will be listed in the "Passkeys you created" section of your passkey management config, not the "Automatically created passkeys" section.
#Google is enabling #passkey support for all its accounts. You can create passkeys on supported devices like finger-print enabled phones, laptops, or based on FaceID. It includes Android devices, iPhones, Windows and Macs. No need for passwords or 2FA for Google accounts. This is fantastic news.
Check out this blog. Passkeys are easy to create from the link provided in the blog post.
**** Questions I'm getting about Google's "passkeys" announcement ****
All, I'm getting a pile of (many confused) questions about #Google's new "passkeys" announcement. Since I wrote "Passwords Must Die!" many years ago, I cheer these advances ... however ... there are implications in the implementation that really need to be fully understood by users, and frankly, given the difficulty in getting users to use 2-factor authentication, I suspect passkeys adoption will be complex unless users are forced to use them, which has its own implications.
Bottom line, I would not urge use of them immediately, unless you are absolutely convinced that you understand the details, some of which are a bit opaque right now.
My intention is to blog in some detail on this (and the new Google Authenticator cloud issues I mentioned previously) as soon as possible.
Config: https://myaccount.google.com/signinoptions/passkeys (control panel to enable, and a manageable list of devices that you already have passkeys for - especially important for removing passkeys from lost or stolen devices!)
If your account has 2-Step Verification or is enrolled in the Advanced Protection Program, you will bypass your second authentication step by signing in with a passkey, since this verifies that you have possession of your device.
If you have a Google Workspace account through your school or employer, you will not be able to use passkeys to sign in at this time."
Note that passkeys you create (including ones that replace built-in security keys on Chromebooks etc) will appear in your "Passkeys you created" config section. Most passkeys in this section can be renamed. Passkeys in the "Automatically created passkeys" section cannot currently be renamed.
I have just set up passkey password-less system in my Google account. If this is the future of passwords, I really like it! Looking forward to seeing this in other services! #passkeys#google
While I agree with the @fsf warning about the emblematic value of the decision by #Google to pull support for #JpegXL from #Chrome, their article <https://u.fsf.org/3z8> is as empty as could be, especially considering that #GNU#IceCat doesn't support JPEG XL either (being based on a #Firefox branch that doesn't build #JXL support in.) You want to show that #FLOSS can do without? Do it by actually supporting what you complain Google is failing to.
Companies welcome input from industry participants and advocacy groups on a draft specification to alert users in the event of suspected unwanted tracking
> Location-tracking devices help users find personal items like their keys, purse, luggage, and more through crowdsourced finding networks. However, they can also be misused for unwanted tracking of individuals.
@tcely I am glad that #Apple and #Google finally have started to work on a problem that they created and profited from for many years, yet kept saying "Hey this isn't REALLY an issue" ...
As we edge closer to the #Google Analytics #GA4 switchover, I'm receiving more emails from our 3rd party site vendors with an interesting take. The basic message is this:
"UA is no longer going to work, we're not going to spend our time moving you over to GA4 ourselves because it's difficult. If you want to do it, you're on your own. Did we mention your existing data will be erased?"
Some have given alternatives or pointed to internally built analytic dashboards.
Were it not for the reliance on Google's #Cloud services and Google refusing to make them #GDPR & #BDSG - compliant which they only could if they were to enable [#SelfHosting due to #CloudAct] these would've flooded the markets outside the USA...
Und auch deshalb ist die Digitalisierung, die früher oder später unweigerlich auf eine Post-Privacy-Gesellschaft herausläuft, in erster Linie eine Dystopie:
"As abortion bans across the nation are implemented and enforced, law enforcement is turning to social media platforms to build cases to prosecute women seeking abortions or abortion-inducing medication – and online platforms like Google and Facebook are helping. "
Google und Facebook/Meta geben Nutzer:innendaten an die US-amerikanische Polizei weiter, damit diese Menschen verfolgen kann, die Informationen zu Abtreibungen suchen.
Und das ist nur ein Beispiel. Morgen kann schon illegal sein, was heute noch legal ist und etwaige Datenschutzgesetze können auch in Europa gelockert werden, während die Überwachungsinfrastruktur, Digitalzwänge/Abhängigkeiten und der Zugriff auf Gesundheitsdaten immer invasiver werden.
Google ist sooooo selbstlos, dass es seine überwachungsdystopische Vision sogar 'Selfish' nennt.
"Google’s Selfish Ledger is an unsettling vision of Silicon Valley social engineering.
This internal video from 2016 shows a Google concept for how total data collection could reshape society"