It won't make too much of a difference here, the six month minor releases are updates to the Mint-specific features like Cinnamon. It is built on top of Ubuntu LTS and still uses those packages for most things.

The major releases are big updates, they move between Ubuntu LTS base versions. Those are every two years. They waste a lot of time with the minor version releases they do. On Mint the minor releases are mostly Cinnamon feature updates. They set up a brand new repo, compile packages for it even if they haven't changed, and do a whole release management things along with complicated "Update Your System" functionality that ends up mirroring a lot of the work they'd need to do for a major release.

LMDE does not do it this way and seems much more manageable. The Mint parts are essentially rolling release, no point releases.

Oh, and they do the complex upgrade thing because the repository for each point release is completely separate. As far as apt is concerned you are updating "zara" packages to "zena" packages even if they are the same. This doesn't affect the whole system, since the Ubuntu stuff stays the same, but adds complexity.

It's another piece that doesn't happen in LMDE. It's all "gigi".

The base is based on Ubuntu LTS, the point releases are primarily larger upgrades of the desktop environment and some of the associated programs. When you change from 22.1 to 22.2, some things will look different.

On LMDE, they don't do point releases - they use Debian Stable and just do the desktop updates periodically without all the fuss. I wonder if they're going to move closer to that model for everything. It would make sense.

Foundation is Apple, Amazon did take over The Expanse and did a good job with it.

Itâ(TM)s interesting since the creators tend to think thatâ(TM)s enough. The server is able to verify (and require) through user verification that a challenge was presented and answered correctly by the user. I assume that doesnâ(TM)t protect from the theoretical device that always returns yes, I do not know how they deal with the potential for nefarious authentication devices other than advising people not to use them. I am not a fan of the synced keys that are common with cell phones since it weakens the âno direct access to key materialâ(TM) design and makes key theft more of a potential problem.

They are also phishing resistant, unlike TOTP.

Thatâ(TM)s an argument against biometrics as a factor, passkeys already are MFA though.

Phone is one option but not the only one, hardware tokens like Yubikeys can also hold passkeys.

I wish articles like this would stop the focus on biometrics. It is one option to unlock the key storage but not the only one.

I guess Mission Center is mentioned but the point still stands.

Iâ(TM)ve seen this talked about a lot in the past day, but no mention or comparison to other tools that already do this, like System Monitoring Center or Mission Centerâ¦.

Other than rust, what makes this one better?

That's a good point. I am leery of software solutions like phones or password managers where the keys are synchronized (therefore key material is available "somewhere") and potentially vulnerable to yet-unknown attacks. More trusting of the hardware tokens, after some number of failed pin attempts they clear the data. No doubt there are vulnerabilities in their firmware too that will someday be discovered but I'm not a big target, I'll notice if someone steals my keys.

Then you would unlock the local passkey vault with your password instead, and that password never leaves your device.

It's not really confusion, they are using FIDO2 with a nicer name and the FIDO2 tokens can store them. A Yubikey 5 can hold 25 of them. This is a change from MFA where the Yubikey generates the response on the fly so there is no limit.

The primary user-visible difference between Passkeys and MFA, is the passwordless "Passkey" implementation locks the keys and the MFA does not. Apple's keychain for example stores both MFA and passwordless certificates as "Passkeys". It can also sync them between devices, although this is worse for security, I think Windows Hello can probably sync them too.

Passkeys are generally stored on something you have, and rely on something you know to unlock the vault, unless you choose to go with a biometric unlock instead.