I am going to be giving some public talks about passkeys in the next few months. What questions do you have about passkeys and what topics do you want covered in me exploring passkeys?
Discussion
Replies:
17
Boosts:
3
@rmondello I think the whole topic of (most) password managers locking the passkeys inside them with no export/import or other way to access them is on many peoples minds (mine included).
(e.g.: How do I create an offline backup? How do I sync them between devices, if I don‘t want to sign up for any cloud service, but also can‘t put them on a USB stick?)
@rmondello when are passkeys going to be PQC ready and how will this work? Will this involve reenrolment at some point in the future for existing passkeys?
I'm not worried, I know we have plenty of time and I have my own ideasiintuition (but I'd love them confirmed or contradicted by someone who actually knows 😊)
@rmondello passkeys and 2FA. do we need an otp token if our device already ask for biometric/password?
@rmondello what is the best way for families to use passkeys for shared accounts? How can "legacy" accounts with passkeys be accessed after the primary user dies?
@rmondello What happens if my iCloud gets full? What happens if Apple blocks access to my account for whatever reason?
@rmondello how secure are they really, and are they worth their inconvenience and ickiness?
@rmondello how can they be exported/backupped in a secure way across devices?
@rmondello my parents are starting to get old and they want to make sure their children and/or people they've granted power of attorney to can access their online accounts in case they're incapacitated or infirm. How can we do this with passkeys?
@rmondello why are all the big companies asking us over and over to create passkeys and they won't take no for an answer?
talk about passkeys on a USB security key (which makes me feel like I am in control) vs passkeys opaquely saved to local disk (which I feel like I dont control). Or even worse, saved somewhere hidden on the cloud
@rmondello The most important thing that's missing from all passkey stuff I've ever seen is a 5 minute introduction that can be understood by non-technical people; probably using concrete examples and a demo. (Even if the presentations are for technical people, this would help understand them passkeys.)
@rmondello Are there best practices for websites/apps implementing passkeys? One of the things I find frustrating is that lots of sites have different processes for logging in (do you put your email address innfirst? Click a button? Enter your password?!)
@rmondello are, and if so how, are they different than Fido2 or webauthn and all that? They seem all similar but idk if it’s actually the same or not
@rmondello How can I store my Apple account passkey in my third party password manager?
@brandonbutler Today, you cannot. If and when that changes I will yell it from the rooftops.
