Seriously, the issue in this thread is why I think #passkeys are a ticking time bomb. Most people don't understand how they work, or that they're linked to a single device, or that they need to maintain a backup login method. Websites that support passkeys don't do enough to communicate and enforce good habits. If we continue down the passkey path, people losing access is going to be a much bigger problem in the future, and we're not ready for it. #infosec
Discussion
Loading...
Post
I see from the replies that I need to expand on what I mean here because people are asking the same questions / raising the same objections over and over. One 500-character post is not really enough to get into all the intricacies, so it's going to take a few posts for me to explain what I was getting at.
I am not saying passkeys are less secure than passwords. They are much more secure in the normal workflow. A vast improvement. I share the hope that they will eventually replace passwords.
…
I suppose it's a bit ironic that I'm posting this thread in the fediverse, where the percentage of people who don't grok computers is far, far lower than IRL.
bonfire.cafe
A space for Bonfire maintainers and contributors to communicate
Automatic federation enabled