[tjoff]

>If you lose one you have one safely secured that can get you into any service you need to.

Even that is not good enough, by a longshot. This is so much worse than even regular passwords.

It works for corporatiosn. Lost your key? Go to IT and generate a new one.

It does not work for individuals.

[potatoz2]

If you don’t trust yourself to have backup keys, you use the Google or Apple ecosystem. As long as you can get back into your Google or iCloud account, you can get back into every other passkey-protected website. You can also use third-party “cloud” password managers if you prefer.

WebAuthn lets you dial the convenience/security tradeoff exactly however you prefer. I’ll be using hardware tokens, but I’ll be telling non-technical people to use their existing smartphones.

[tjoff]

It's not that I don't trust myself to have backup keys it is that the workflow is completely broken.

You have to manually add each key on every service. And you can typically at best only add two keys.

It is not a working system for individuals.

[selykg]

You realize you can have multiple devices for Passkeys, right?

It’s webauthn. Which means you can have one or more of the following, in any mix you wish: yubikey, iPhone, Android device, password manager that has said they’ll support this (1Password, Bitwarden, Dashlane, and probably more).

Password managers will sync the private keys between devices as well. So, as long as you can access your password manager you should be able to use that.

[tjoff]

You can't sync between yubikeys so not sure what that would add to the mix.

[selykg]

Bro, you're just being difficult here.

You have choices now, whereas before you had basically one.

Yubikey offers you a hardware device specifically for this purpose. It can't be copied and it really is the definition of something you know and something you have. It has pros and cons, one of those cons being that if you want to use them you are stuck having multiple devices, one for a backup.

Don't like that con? Well, play the game a little and you have additional options coming. Such as the solutions from password managers and platforms like Apple and iOS. Add your sites in a password manager and it'll sync between devices, you basically only have to add one single thing (your password manager) and as long as you have password manager access you can sign in to those sites anywhere that your password manager is available, and where it isn't you gain the QR code passkey option that is being added.

You can mix and match this to your hearts content. Want to use a Yubikey as a backup? Add the device to your sites, stash it away where necessary. Yes, the con of having to add it to each site is still there but it is an option. Want to use all of these? Sure can. Add your iOS device, your password manager, and your Yubikey.

Want to only use one? Just add that device. But you might be foot gunning yourself without backups depending on which you use.

Stop being difficult and just use your head a little.

[tjoff]

Not at all. The options truly suck and makes passwords seem like a godsend. Which it is, until you are forced to use these crappy solutions that only aid in you getting locked out of your digital life and where you have no control of your logins.

I truly hope there is something better coming out of this because this is a nightmare.