I am going to be giving some public talks about passkeys in the next few months. What questions do you have about passkeys and what topics do you want covered in me exploring passkeys?
@rmondello How do they handle the edge cases when everything isn’t perfect?
Say I’m on vacation, I break my phone and buy a new one. I need to login to get my data so I can get my plane tickets to go home. If my login is a passkey, then what?
I’m at a family member’s home using their copy of TurboTax and need to login to my bank on their computer to download my records, but I have a PassKey, then what?
If the answer is fall back to password auth, then what is the point of the Passkey?
Why is there such a huge variation in implementations? On macOS Safari, some websites just log in with a single click, others make me authenticate with my Apple Watch, and yet others make me enter my Mac user password. Also annoying is websites that prompt for a passkey when I’m not using one. It’s all more frustrating than convenient, in my opinion.
@rmondello How can we force companies to stop using them in addition to passwords during the login flow?
I have a passkey. I don’t want to use the password!
😒
@rmondello I realize this question likely isn’t one for a talk, but mine is: why the passkey for my Apple Account can’t be saved in Passwords or a third party app like 1Password?
That’s the one passkey I “have” that doesn’t live up to portability.
@rmondello Why won’t they stop berating me, asking me to use passkeys?
@rmondello What can developers do to support the adoption of passkeys for most people and most use cases? App developers, web developers, infra and DevOps, but also at a higher and wider level like tech orgs, in slow-moving government orgs etc.
@rmondello can I use passkeys to authenticate in command line tools? Can a command line tool request a passkey from the user?
@rmondello how can a tech-savvy user use them without being locked into a single browser?
@rmondello Does "passkey" refer to HSMs like Yubikey? Are they still a good brand? I got into HSMs years ago and then dropped out. I know I'm supposed to keep at least two in case I lose one.
How do the kind of regular people that constantly lose/abuse their stuff seamlessly maintain access to their accounts, even when their laptop, keys, and cellphone are lost, broken, stolen, uncharged, etc.?
What about personal catastrophes like house fires and flooding?
@rmondello Passkeys for Apple IDs: handling multiple IDs for things like personal, developer, client, etc.
@bobdel @rmondello oh I’d second this question and I bet most developers would too. Apple is not great at acknowledging multiple Apple IDs!
@rmondello I don’t think one specific thing needs addressing, but looking at the other replies, there is a vibe that needs to be contended with: in my experience most people’s impression of passkeys is “this is a trick that my phone and website vendors are trying to do to me, which will eventually lock me out when I lose my device”. Address that central anxiety in as many different ways as you can.
@rmondello I’m excited about passkeys, but I often see poor implementations deter users from using them. What’s being done to help companies implement passkeys “the right way”?
@rmondello What makes passkeys "better", and also, "better for whom"?
@rmondello What’s the best way to get buy-in from the average consumer/non-tech person?
How do we move forward as an industry to using passkeys as the single source of authentication and deleting passwords entirely from user accounts?