this post was submitted on 16 Oct 2024
271 points (86.3% liked)

Technology

59651 readers
2617 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] drspod@lemmy.ml 13 points 1 month ago (1 children)

I thought passkeys were supposed to be a hardware device?

This is typical embrace/extend/extinguish behavior from the large platforms that don't want their web-SSO hegemony challenged because it would mean less data collection and less vendor lock-in.

The whole idea of passkeys provided by an online platform should have been ruled out by the specification. It completely defeats the purpose of passkeys which is that the user has everything they need to authenticate themself.

[–] EncryptKeeper@lemmy.world 3 points 1 month ago* (last edited 1 month ago) (1 children)

I thought passkeys were supposed to be a hardware device?

Did you just admit to not even knowing what a passkey is and then decide to continue to write another two paragraphs passing judgement on them and the motives behind them anyway?

[–] drspod@lemmy.ml -3 points 1 month ago (1 children)

If you think that I'm misunderstanding something and arguing from a false premise then please feel free to engage with the discussion.

[–] EncryptKeeper@lemmy.world 2 points 1 month ago* (last edited 1 month ago) (1 children)

I don’t think that, you said that. It’s the very first sentence of your comment. You literally said that you misunderstood them to be hardware keys.

And yes, everything else you said is demonstrably false as well. The FIDO alliance and even specifically the companies within it that are pushing Passkeys the most, are advocating for them to be cross platform without any lock in. 1Password is one of the companies pushing for passkeys, they’re even behind the https://passkeys.directory and allow you to securely import and export passkeys so you aren’t locked in. They also made recent changes to the spec itself to make moving and owning passkeys easier. And that’s not even to mention the fact that Passkeys are just key pair, which don’t require any platform or technology to implement that isn’t built into your device.

[–] drspod@lemmy.ml -2 points 1 month ago (1 children)
[–] EncryptKeeper@lemmy.world 3 points 1 month ago

Yes, the author is also suffering from the same misconceptions and doesn’t really understand passkeys beyond the surface level, so he doesn’t know that the problems he has with them don’t exist.

He then goes on to reason that because passkeys might result in an awkward experience in exactly one extremely niche scenario, that you’re better off using passwords in a password manager that are less secure. He then proceeds to suggest the use of email as a second factor as an alternative, which destroys every shred of credibility he had. He also completely misses the fact that putting your passkeys in that very same password manager he himself is suggesting, solves the complaints that form over half of his entire argument. It’s super ironic too because the specific password manager that he’s recommending in his own article is a member of the FIDO Alliance and is literally one of the world’s biggest advocates for passkeys.