this post was submitted on 16 Oct 2024
267 points (86.2% liked)

Technology

59599 readers
3386 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] unskilled5117 90 points 1 month ago* (last edited 1 month ago) (14 children)

The problem with passkeys is that they're essentially a halfway house to a password manager, but tied to a specific platform in ways that aren't obvious to a user at all, and liable to easily leave them unable to access of their accounts.

Agreed, in its current state I wouldn‘t teach someone less technically inclined to solely rely on passkeys saved by the default platform if you plan on using different devices, it just leads to trouble.

If you're going to teach someone how to deal with all of this, and all the potential pitfalls that might lock them out of your service, you almost might as well teach them how to use a cross-platform password manager

Using a password manager is still the solution. Pick one where your passkeys can be safed and most of the authors problems are solved.

The only thing that remains is how to log in if you are not on a device you own (and don’t have the password manager). The author mentions it: the QR code approach for cross device sign in. I don’t think it’s cumbersome, i think it’s actually a great and foolproof way to sign in. I have yet to find a website which implements it though (Edit: Might be my specific setup‘s fault).

[–] exu@feditown.com 15 points 1 month ago (4 children)

QR codes are good 50% of the time; when you're trying to log in on a pc.
The reverse case is extremely annoying

[–] unskilled5117 9 points 1 month ago (1 children)

Could you elaborate? I am assuming that everbody would have the password manager on their mobile phone with them, which is used to scan the qr code. I think that’s a reasonable assumption.

I agree that if you wanted the pc to act as the authenticator (device that has the passkey) it wouldn’t work with qr codes. But is that a usecase that happens at all for average people? Does anyone login to a mobile device that you don’t own, and you only have your pc nearby and not your own mobile phone?

[–] exu@feditown.com 6 points 1 month ago (1 children)

I'm thinking of phone recovery, where you're trying to get all your stuff back on a new device.
With a password manager, simply logging in will get you there and until passkeys can be synced automatically just like passwords this will need to be handled somehow.

[–] unskilled5117 12 points 1 month ago* (last edited 1 month ago) (1 children)

I hope I am not misunderstanding you. What you are worried about is passkeys in the password manager not syncing to new devices? They are though, with password managers that support passkeys like Bitwarden, ProtonPass, 1Password etc..

Currently using it on Bitwarden, if I log in to a new device, the passkeys are there.

[–] exu@feditown.com 3 points 1 month ago

You understood correctly. Seems like I missed some news on the syncing front.

load more comments (2 replies)
load more comments (11 replies)