• drspod
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    6
    ·
    2 months ago

    I thought passkeys were supposed to be a hardware device?

    This is typical embrace/extend/extinguish behavior from the large platforms that don’t want their web-SSO hegemony challenged because it would mean less data collection and less vendor lock-in.

    The whole idea of passkeys provided by an online platform should have been ruled out by the specification. It completely defeats the purpose of passkeys which is that the user has everything they need to authenticate themself.

    • Encrypt-Keeper@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      2
      ·
      edit-2
      2 months ago

      I thought passkeys were supposed to be a hardware device?

      Did you just admit to not even knowing what a passkey is and then decide to continue to write another two paragraphs passing judgement on them and the motives behind them anyway?

      • drspod
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        5
        ·
        2 months ago

        If you think that I’m misunderstanding something and arguing from a false premise then please feel free to engage with the discussion.

        • Encrypt-Keeper@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          2
          ·
          edit-2
          2 months ago

          I don’t think that, you said that. It’s the very first sentence of your comment. You literally said that you misunderstood them to be hardware keys.

          And yes, everything else you said is demonstrably false as well. The FIDO alliance and even specifically the companies within it that are pushing Passkeys the most, are advocating for them to be cross platform without any lock in. 1Password is one of the companies pushing for passkeys, they’re even behind the https://passkeys.directory and allow you to securely import and export passkeys so you aren’t locked in. They also made recent changes to the spec itself to make moving and owning passkeys easier. And that’s not even to mention the fact that Passkeys are just key pair, which don’t require any platform or technology to implement that isn’t built into your device.

          • drspod
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            4
            ·
            2 months ago

            Did you read the article?

            • Encrypt-Keeper@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              arrow-down
              1
              ·
              2 months ago

              Yes, the author is also suffering from the same misconceptions and doesn’t really understand passkeys beyond the surface level, so he doesn’t know that the problems he has with them don’t exist.

              He then goes on to reason that because passkeys might result in an awkward experience in exactly one extremely niche scenario, that you’re better off using passwords in a password manager that are less secure. He then proceeds to suggest the use of email as a second factor as an alternative, which destroys every shred of credibility he had. He also completely misses the fact that putting your passkeys in that very same password manager he himself is suggesting, solves the complaints that form over half of his entire argument. It’s super ironic too because the specific password manager that he’s recommending in his own article is a member of the FIDO Alliance and is literally one of the world’s biggest advocates for passkeys.