• Encrypt-Keeper@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    2
    ·
    edit-2
    2 months ago

    I thought passkeys were supposed to be a hardware device?

    Did you just admit to not even knowing what a passkey is and then decide to continue to write another two paragraphs passing judgement on them and the motives behind them anyway?

    • drspod@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      5
      ·
      2 months ago

      If you think that I’m misunderstanding something and arguing from a false premise then please feel free to engage with the discussion.

      • Encrypt-Keeper@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        2
        ·
        edit-2
        2 months ago

        I don’t think that, you said that. It’s the very first sentence of your comment. You literally said that you misunderstood them to be hardware keys.

        And yes, everything else you said is demonstrably false as well. The FIDO alliance and even specifically the companies within it that are pushing Passkeys the most, are advocating for them to be cross platform without any lock in. 1Password is one of the companies pushing for passkeys, they’re even behind the https://passkeys.directory and allow you to securely import and export passkeys so you aren’t locked in. They also made recent changes to the spec itself to make moving and owning passkeys easier. And that’s not even to mention the fact that Passkeys are just key pair, which don’t require any platform or technology to implement that isn’t built into your device.

          • Encrypt-Keeper@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            1
            ·
            2 months ago

            Yes, the author is also suffering from the same misconceptions and doesn’t really understand passkeys beyond the surface level, so he doesn’t know that the problems he has with them don’t exist.

            He then goes on to reason that because passkeys might result in an awkward experience in exactly one extremely niche scenario, that you’re better off using passwords in a password manager that are less secure. He then proceeds to suggest the use of email as a second factor as an alternative, which destroys every shred of credibility he had. He also completely misses the fact that putting your passkeys in that very same password manager he himself is suggesting, solves the complaints that form over half of his entire argument. It’s super ironic too because the specific password manager that he’s recommending in his own article is a member of the FIDO Alliance and is literally one of the world’s biggest advocates for passkeys.