by danShumway 1137 days ago
> There are no equivalent, easy option

Of course there is, the equivalent easy option is passkeys without vendor lock-in. Vendor lock-in does not make any of this easier or simpler.

Also note that current platform-offered password managers already allow syncing to new devices, so even for the people who are saying "I only want to use my Google account", syncing passwords through their Google account to Android is just as easy as using passkeys would be.

> Average Joe has brand loyalty so that they will stay in whatever. Usually. If one goes to Samsung, they usually stay there - even if Pixel is better.

This is just not true. I see people switch ecosystems all the time, and when they refuse to switch ecosystems, the reason they usually give is "it would be too annoying to port everything." Lock-in is something that affects ordinary people, I see this all the time.

> Where is the 2FA for Dropbox or Bitwarden? Is that file supposed to be accessible without 2FA?

Weren't you just arguing for simplicity? The average user doesn't use 2FA. They should, but they don't because it's too complicated for them.

----

But this is silly, we've graduated from "people need a simple solution" to "any solution that involves anything other than a Google or iCloud account doesn't count as simple."

Which, sure, if your definition of simple is literally "the passwords stay in your Google account" then only putting keys in a Google account will do. But it's a pretty tautological definition.

And also a definition that doesn't hold up for ordinary users in my experience. People do actually understand that there are passwords for services other than Google and Microsoft because they interact with those systems today just fine. Pretty provably they can handle that level of complexity because that level of complexity is embedded in every single service that we use today.

But let's assume you're right. Even under those criteria, even if your definition of simplicity is "I sign in with an Apple/Google password and that's it, and it has to be specifically an Apple/Google password" -- I want to re-emphasize that current password vaults with Google/Apple already handle this use case fine today just as simply as passkeys do, so there's still no extra simplicity or ease-of-use with passkey synchronization. At best, for those users it's as easy to sync a passkey as it would be to use a password manager. But password sync to new phones on log-in is already supported natively if you use the native built-in password managers (i.e., the same password managers you'd be using for passkeys).

Even under the most restrictive criteria with the least possible number of steps for syncing -- password vaults can be synced just as easily if not easier than passkeys can be.