Jonathan Kamens 86 47
@jik@federate.social  ·  activity timestamp 3 days ago

Seriously, the issue in this thread is why I think #passkeys are a ticking time bomb. Most people don't understand how they work, or that they're linked to a single device, or that they need to maintain a backup login method. Websites that support passkeys don't do enough to communicate and enforce good habits. If we continue down the passkey path, people losing access is going to be a much bigger problem in the future, and we're not ready for it. #infosec
Jonathan Kamens 86 47
@jik@federate.social replied  ·  activity timestamp 2 days ago

I see from the replies that I need to expand on what I mean here because people are asking the same questions / raising the same objections over and over. One 500-character post is not really enough to get into all the intricacies, so it's going to take a few posts for me to explain what I was getting at.
I am not saying passkeys are less secure than passwords. They are much more secure in the normal workflow. A vast improvement. I share the hope that they will eventually replace passwords.