Linux users be damned: "Chrome on Linux doesn't support passkeys with a built-in platform authenticator. Linux users can use passkeys from another device such as an Android phone or an iPhone by scanning a QR code."
It's remarkably tragic how modern computer security regimes favor authoritarian centralized control so absolutely over allowing any flexibility or user choice or say.
> or any other password manager that supports passkeys
Hopefully they will allow third party password managers to provide these to the desktop browser, even on Linux. This seems to be how 1Password etc. are planning to support passkeys.
You just use your phone. Because otherwise you need a ton of OS integration to make this work, which I guess Linux doesn’t really care about (at least for now).
I think black box OS integration defeats the point of security. If I can't access and manage the private keys myself, it's effectively a black box implementation.
Which is precisely the point of all this. You won't be able to log in to your bank without a smartphone, and since the bank's website will only be tested with Google's and Apple's implementations (which of course will slightly deviate from the actual standard), everyone who doesn't use those two platforms will be locked out.
I can't realistically see banks forcing passkey based authentication. If this is actually an open standard, why would it matter if only Google's or Apple's implantation are tested.
If only Google and Apple's implementations work, then it's not an open standard.
That's quite cynical. Neither Google nor Apple profits from their password management solutions. It's in their best interest that people use passkeys to keep their accounts secure. Less support staff for $MEGACORP, simpler logins for the masses. It's a win for everyone that doesn't have malicious intent.
> Neither Google nor Apple profits from their password management solutions.
Not directly, no. But they absolutely do profit from the fact that it's becoming increasingly difficult to lead a normal life without owning an Android or iOS device. And every development like this, where another layer of complexity is introduced with the mobile vendors leading the way, ultimately serves that goal.
It's pretty much universally understood that building a browser engine from scratch is already no longer possible. Once Mozilla gives up, it's over. The systems that govern our lives will then be completely controlled by two or three corporate entities. Every new "web standard" makes Gecko more expensive to maintain. At some point, it will become too expensive.
Many people don't seem to understand this, including in this very thread. It doesn't matter that it's an open standard. The "standard creep" alone will eventually wipe out anyone who doesn't have a development budget that's measured in the billions of dollars.