The problem with passkeys is that they're essentially a halfway house to a password manager, but tied to a specific platform in ways that aren't obvious to a user at all, and liable to easily leave them unable to access of their accounts. Much the same way that two-factor authentication can do, but worse, since you're not even aware of it.
pull down to refresh
related posts
268 sats \ 3 replies \ @JesseJames 1 Apr
I would slightly disagree, not to say that ain't no problems but there are less issues with them.
First off, you do need a password manager; no human can remember all the different passwords to all the resources you access. With that in place, you need to pick one that meets your criteria - namely, to support passkey and hopefully on all platforms you use (MacOS, Linux, Web, Windows, whatever). After that is settled and you have your password manager on your windows, your mac , your browser and iPhone, life gets easier since you store them in your smart password manager. The icky feeling I have is still you have to "trust" someone (your smart password manager provider) not to f-up (tall order one might think) and keep you safe. That is a risk not everyone is willing to take. So, in my humble opinion, passkeys are not inherently bad; it's the implementation you choose that is important and worth a lot of your time to plan properly and educate your users.
reply
197 sats \ 2 replies \ @shadowybadger 2 Apr
I wonder what percentage of internet users use password managers
reply
62 sats \ 1 reply \ @WeAreAllSatoshi 2 Apr
I suspect very low.
reply
0 sats \ 0 replies \ @JesseJames 2 Apr
what makes you think that? My IT view is skewed since we all use it, but out in the wild? Why you think is low? You mean most people use browser feature for that?
reply
286 sats \ 0 replies \ @kepford 1 Apr
I've listened to the passkey pitch a few times and Im still not sold. This quote makes a great point. I've tested them with Bitwarden and they work but I am a long way from sold on them replacing passwords and being better than passwords and 2FA combined. If someone doesn't resuse passwords and uses 2FA passwords aren't really a problem IMO.
I guess you could say that passkeys make you use a tool but that's also the barrier to entry.
reply
0 sats \ 0 replies \ @N00c 7 Apr freebie
Yeah, that’s definitely a legit concern. Passkeys are cool in theory phishing-resistant, easy to use, no need to remember stuff but in practice, they can feel like a bit of a trap if you don’t fully get how they work. The fact that they’re often locked into an ecosystem (like Apple or Google) means if you lose access to your device and don’t have a backup, you’re basically screwed.
It’s kinda like a password manager that you don’t even realize you’re using and that’s the sketchy part. At least with a password manager, you know where your stuff is and you can export it if needed. With passkeys, if the platform doesn’t offer good portability or recovery options, you’re in trouble.