WireGuard is simple enough to set up, and I actually use it much like OP does, though I don't force all my DNS queries through it, and instead use NextDNS.
It's basically set up so that I have my internal machines registered in NextDNS as rewrites, and WireGuard is set up to route anything for my internal RFC-1918 network, i.e. 192.168.1.0/24, so when NextDNS returns 192.168.1.5 for "host.mydomain.com", it will go over WireGuard.
The advantage is that I can keep the tunnel up 24/7, and it has very little impact on battery life as normal requests simply go over the internet.
I wanted to build a gaming PC around summer, to be able to play with my son, but I postponed it for no real reason. I built this PC 2 weeks ago, so instead of paying 250 pln (~$70 usd) for 32 GB RAM, I paid 899 pln (~$250). Now, exactly the same RAM costs 1099 pln (~$300).
I don't have this problem. I'm using a passkey probably on only 1 website (GitHub) but it's working without any issues on all my devices. Maybe it's a password manager issue? I'm a Bitwarden user.
Well you have your passkey stored in Bitwarden, which may weaken its security, since it's a software-only solution.
The idea of passkeys is that they are supposed to be tied to a hardware device. And this leads to very odd situations, like Chrome asking Windows to authenticate, and Windows having to ask for the passkey on an Android phone.
I migrated to Bitwarden around 3 weeks ago and now Chrome is no longer asking Windows to authenticate, but Bitwarden. But then Bitwarden doesn't have the passkey, so it will offer to delegate to Windows, which will in turn reach to the Android phone, unless it's one which is stored in Windows.
These are the kind of problems which arise, and for a 75 year old senior who never dealt with all this crap, this is nothing but a huge annoyance, because they simply don't understand what's going on. It was easy with username and password.
What I liked the most was username+password and a Yubikey for OTP. And for what can't or no longer wants to deal with Yubikey, I've moved to app-based OTP. And now I'm starting to get forced to move to passkeys, which annoys me a bit because things are no longer so clear.
> The idea of passkeys is that they are supposed to be tied to a hardware device.
No, not really. That was more of a U2F/WebAuthn concept. Passkeys are intentionally permitted to be attached to accounts.
You can use hardware bound tokens as passkeys if you prefer, of course. However, that approach has led to a huge amount of people getting locked out of their accounts because they lost their Yubikey or reset their phone.
There are implementation improvements to be made, for sure, especially on Windows. However, that same 75 year old also won't know to look in Edge's password manager when Bitwarden says it can't find a password for a given website.
And let's be honest, that 75 year old won't be using Bitwarden or a password manager anyway, their password will be NameOfGrandkid2003 despite being told to pick a different one after the last time their account got taken over.
I wish I could use passkeys more often but when websites offer 2FA of any kind, it'll be through TOTP, and usually without providing any recovery codes either. TOTP and email+password aren't going away.
Passkeys are the name used for FIDO2 authentication flows for normal people.
WebAuthn is the JavaScript API to access the USB devices speaking U2F to the browser.
FIDO2 extends the WebAuthn API by also offering to store security tokens inside of a device's TPM, by using CTAP2 to authenticate with an external device or service, or by using good old U2F. If you're implementing it, you generally only need to deal with the WebAuthn side, the browser will take care of the rest.
You can think of Passkeys as "WebAuthn 1.1". Names like WebAuthn and U2F don't exactly attract the general consumer, so they rebranded it. The same way websites used names like "passwordless logins" when trying to describe WebAuthn+U2F, except "passkey" seems backed by larger companies.
If you've implemented WebAuthn correctly (I doubt you actually interacted with the U2F API directly), you've also implemented passkeys.
The naming is rather confusing, mostly because a lot of websites used the wrong name for the wrong part of the process. Luckily, almost nobody actually knows what the hell a WebAuthn is, so passkeys are the introduction to the whole stack for most people.
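On the relying-party side discussed in the comments above, a server can tell a device-bound credential from a synced passkey by reading the backup-eligibility (BE) and backup-state (BS) flags in the WebAuthn authenticator data. This is an added example, not code from any commenter; the function names and the 37-byte sample inputs are constructed for illustration.

```javascript
// Added example; function names and sample bytes are constructed for illustration.
// authenticatorData layout: rpIdHash (32 bytes) | flags (1) | signCount (4, big-endian) | ...
const FLAGS = { UP: 0x01, UV: 0x04, BE: 0x08, BS: 0x10, AT: 0x40, ED: 0x80 };

function parseAuthenticatorData(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 37) {
    throw new Error("authenticatorData must be at least 37 bytes");
  }
  const flags = bytes[32];
  const has = (bit) => (flags & bit) !== 0;
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  const backupEligible = has(FLAGS.BE);
  const backedUp = has(FLAGS.BS);
  // A credential cannot be backed up unless it is backup-eligible; reject it.
  if (backedUp && !backupEligible) {
    throw new Error("invalid flags: BS set without BE");
  }
  let kind = "device-bound";
  if (backupEligible) kind = backedUp ? "synced" : "syncable, not backed up yet";
  return {
    rpIdHash: Array.from(bytes.subarray(0, 32), (b) => b.toString(16).padStart(2, "0")).join(""),
    userPresent: has(FLAGS.UP),
    userVerified: has(FLAGS.UV),
    backupEligible,
    backedUp,
    signCount: view.getUint32(33, false),
    kind,
  };
}

// Constructed sample: placeholder rpIdHash of 0xAA bytes, then flags and counter.
function makeSample(flags, signCount) {
  const bytes = new Uint8Array(37).fill(0xaa, 0, 32);
  bytes[32] = flags;
  new DataView(bytes.buffer).setUint32(33, signCount, false);
  return bytes;
}

const hardwareKey = parseAuthenticatorData(makeSample(FLAGS.UP | FLAGS.UV, 7));
const syncedPasskey = parseAuthenticatorData(
  makeSample(FLAGS.UP | FLAGS.UV | FLAGS.BE | FLAGS.BS, 0)
);
console.log(hardwareKey.kind, hardwareKey.signCount);
console.log(syncedPasskey.kind, syncedPasskey.signCount);
```

A relying party that requires hardware-bound credentials for some accounts can enforce it on `kind`, while consumer sites can accept both and use the flag only to decide how much recovery guidance to show.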
Just a side note: my 80 year old mother uses Linux with KeePassXC and has generally more secure processes than many software developers I know (who often use very simple passwords, share them around freely...).
Just to say that we should be careful with our generalisations (I know you didn't start this one).
Why should we be careful? Not trying to troll here, but your mother being an exception to the generalization doesn't mean the generalization is wrong. Nobody said 100% of old people had bad security habits.
Do you have a source for the hardware-tied design? Neither the specs[1] nor Wikipedia[2] say anything about Authenticators being hardware-only as far as I can see. The specs even specifically talk about Clients (i.e. browsers) storing passkeys.
That's quite expensive, though not the typical price you'd pay from someplace like DigitalOcean. I imagine this is from a host in your local country? Those tend to be more expensive if you're not in a common datacenter region.
I wonder when they will add another level and talk to LLM how to talk to another LLM how to talk to another LLM