RE: https://mastodon.social/@wombatpandaa/116548872866118902
Passkeys were designed to directly address the flaws with passwords.
1. Passwords are phishable. Passkeys won’t even let you use them on the wrong website, and the “origin” you used them on is signed into the response a website gets. This protects even us, smart people who can sometimes be in a rush, from phishing.
2. Passwords are reusable, opening people up to attacks. We would never re-use a password, but most people do. Passkeys are guaranteed to be unique and strong.
3. Despite websites’ best efforts, passwords can be leaked from websites because they’re inherently a symmetric secret shared between you and the website. With passkeys, websites are storing a public key; there’s nothing for them to leak.
So how secure are they really? They’re a next-generation technology designed to address the sundry problems with passwords that cause people harm every day.
There is inconvenience with passkeys if you don’t set up an app to manage your passkeys across all your devices and your family’s devices. Get over that hurdle and you’re golden.
Regarding ickiness — yes, some websites seem to be shoving passkeys down throats. No means no and websites should respect “no”. Other websites and apps are being respectful about it. But passkeys are not a scary big tech play with an ulterior motive — they’re a W3C-backed web technology. Open standards, thoughtfully designed.
