Passkeys might really kill passwords - eviltoast

Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing… that lives on my phone? What if I lose my phone? What if you steal my phone?

    • lolcatnip@reddthat.com
      9 months ago

      Why? Passwords are already used a lot less than they would need to be if we didn’t have things like OAuth tokens, the FIDO2 protocol for 2FA devices, biometrics, etc.

      Why should I have to type a password to authenticate myself to a website when I’ve already authenticated myself to the device I’m using and it can present the web site with credentials that prove I am who I claim to be?

      • mvirts@lemmy.world
        9 months ago

        I think this makes sense for many low-impact scenarios, but there’s always going to be a set of services that I don’t want to trust to the same provider. For me it’s my bank; even though passwords have plenty of flaws, and I am trusting my phone to protect tap pay tokens, I would never link my bank login to my Google account, so I use a memorized password.

        Of course this is tinfoil hat territory because a threat to my passcodes would probably involve breaking the security systems on Android.

        • lolcatnip@reddthat.com
          9 months ago

          I think passcodes currently get consolidated with an entity like Google, but I’ve read Bitwarden is adding support for them. It definitely won’t be an issue long term.