

There were rules for how numbers were issued. You could tell where and when someone was born based on their number. I’m unsure if it was changed, but I can see how high population areas could run out of their quota and need a new block.


But isn’t ‘cold’ a measure of a particle’s energy, much the same as ‘hot’ is? Wouldn’t a true vacuum be neither hot nor cold? I mean, I get the analogy, but isn’t the real issue that there’s not enough matter to transfer energy between things? So like, no matter how hot it is, it’s just not going anywhere? Or am I way off mark?


Keep in mind, still discussing the underlying fundamentals and not the user experience.
MitM attacks are frequently covered in white hat hacking, often after an actual event takes place. It is considered a third party attack, and it does break trust. It is a security threat, and to claim it doesn’t count is absurd. I’ve seen a few reports personally from internal, but I’m not at liberty to speak specifics about them. On the topic of replay attacks, TOTP is vulnerable, but passkeys are not (yet, I’ve seen people try though). This isn’t the only type of MitM attack, and, again, both are somewhat vulnerable.
TOTP is nothing, nowhere similar to passkeys in any way. You do NOT generate codes with passkeys. Passkeys are a form of public/private keys that are used to create a challenge/response request and used to generate a digital signature. The keys are not passwords (aka “shared secrets”). Digital signatures are also not passwords. The only other thing I can think you mean by “code generation” is that you’re using it as a generic catch-all, but that happens with…well everything (even passwords), depending on context.
I don’t want to sound too much like a die-hard passkey fan - and you are right - passkeys are extremely overkill if you use anything above a plain old password. In some cases, layered security can be just as effective. The problem is that most people do only use plain old passwords. If we can get any kind of extra security, even TOTP, then all the better. There are also some cases where passkeys are not feasible, so it’s good to have alternatives.


That’s false, TOTP can and has been the target of man-in-the-middle attacks, successfully. The implementation of passkeys makes man-in-the-middle attacks more difficult, but it could still happen. So both are susceptible to third parties to some degree.
As far as point of view, I was assuming we were talking about the process, since the goal of passkey UX is to be largely the ‘same as’. Which, to be frank, is way less dedicated since both the implementation of passwords and passkeys can vary widely (2fa, email, id, otp, etc). If we exclude those, the UX is the same - some users might be even using passkeys and not know it.


TOTP is based on shared secrets, just like passwords. As such, it’s susceptible to many of the issues passwords are and is much closer to passwords than passkeys. Passkeys on the other hand, don’t have shared secrets and operate completely differently under the hood.
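The contrast drawn in the comments above (a TOTP code derived from a shared secret versus a signed challenge/response), as an added example that is not part of any comment. It is a simplified model, not the WebAuthn wire format; the origins, secret and function names are constructed for illustration.

```javascript
// Added example; all secrets, keys and origins here are constructed.
const nodeCrypto = require('node:crypto');

// TOTP (RFC 6238: HMAC-SHA1, 30 s step, 6 digits) from a shared secret.
function totp(secret, unixSeconds) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / 30)));
  const mac = nodeCrypto.createHmac('sha1', secret).update(counter).digest();
  const bin = mac.readUInt32BE(mac[19] & 0x0f) & 0x7fffffff; // dynamic truncation
  return String(bin % 1e6).padStart(6, '0');
}
// The server recomputes the code from its own copy of the secret. Nothing
// binds the code to the site or session where it was typed.
function verifyTotp(secret, code, unixSeconds) {
  return totp(secret, unixSeconds) === code;
}

// Passkey-style: the server stores only the public key. The client signs the
// server's fresh challenge together with the origin the browser reports.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
function signAssertion(privKey, challenge, origin) {
  const clientData = JSON.stringify({ challenge: challenge.toString('base64url'), origin });
  return { clientData, signature: nodeCrypto.sign(null, Buffer.from(clientData), privKey) };
}
function verifyAssertion(pubKey, a, expectedChallenge, expectedOrigin) {
  const data = JSON.parse(a.clientData);
  if (data.origin !== expectedOrigin) return false;
  if (data.challenge !== expectedChallenge.toString('base64url')) return false;
  return nodeCrypto.verify(null, Buffer.from(a.clientData), pubKey, a.signature);
}

function demo() {
  const site = 'https://example.test';
  const secret = Buffer.from('12345678901234567890'); // RFC 6238 test secret
  const code = totp(secret, 59);
  const challenge = nodeCrypto.randomBytes(32);
  const good = signAssertion(privateKey, challenge, site);
  const otherOrigin = signAssertion(privateKey, challenge, 'https://lookalike.test');
  return {
    code,
    totpSameWindow: verifyTotp(secret, code, 45),  // accepted from any presenter
    totpNextWindow: verifyTotp(secret, code, 60),  // expires with the time step
    passkeyGood: verifyAssertion(publicKey, good, challenge, site),
    passkeyOtherOrigin: verifyAssertion(publicKey, otherOrigin, challenge, site),
    passkeyStaleChallenge: verifyAssertion(publicKey, good, nodeCrypto.randomBytes(32), site),
  };
}
console.log(demo());
```
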


Perhaps he means the process of setting it up. Or when it doesn’t work. Or when passkeys are lost. Or using another device. A lot of people’s complaints about passkeys aren’t really about when it works.
It’s valid I think, but also some people forget passwords can have similar experiences. For one, there seems to be this idea that if you lose your passkey you get locked out of your account forever. The recovery process should be no different than losing your password.


No. It’s a completely different process. It’s a bad name for what it actually does. (Unless you’re talking about how computers do things, then EVERYTHING is numbers)
Look up public/private key pair encryption. It’s the process that has changed.
The problem with all these “what are passkeys” guides is that it’s difficult to convey the differences between password and passkeys if you don’t have a deep understanding of encryption or authentication systems.


Gambler’s Fallacy. This only applies if the events are independent. A six-sided die will always be six-sided.
You wouldn’t apply Gambler’s Fallacy to a standard game of Blackjack for example. You don’t have to be a card counter to understand that the probability of a card changes as each one is played.
We don’t know what causes magnetic reversal, and it could be many random or non-random factors that lead up to it or some other external factor. Is it a dice roll, or is there something stacking the deck?


Yes, but also on the flip side, I have sat thru classes where the teacher did not know the curriculum and I had to explain things to the students. I also built the infrastructure for a computer lab and then had classes in that very lab. When the teacher couldn’t set up the conditions for a test, they consulted me to troubleshoot it (in this case, the teacher was not at fault, it was the equipment).
I tried to CLEP, but most of the time (for me) I failed many because I was either bad at the test, covered material that I was never taught, or the course could not be CLEP. The annoying thing is that in almost every case, there was stuff that wasn’t in the CLEP that I was taught, or vice versa after taking the course.
If the course doesn’t teach you to understand, then the metric being measured is not “understanding”.