by danShumway 1112 days ago
Passkey proponents have played really fast and loose with the word "sync" in my experience. No reasonable outside observer would call this syncing, it's cross-device sign-in.

It's like saying you can sync your OTP-provider to your desktop computer because when you go to log into a website you manually copy the code into a form. That's not how most people understand the word "sync."

What people are excited about here (assuming the details are good) is actual sync -- the ability to take your iCloud passkeys and literally move them to a new device outside of Apple's ecosystem as a mass operation rather than site-by-site. And that's really good and I'm excited about it and I hope that it addresses all of my issues. But it's frustrating to see people still misrepresenting what's capable with the ecosystem today even under a positive announcement that signals that the actual concerns are getting addressed.

It's so weird, I don't know of any other open standard I've seen where the proponents are so creative about acting like the ecosystem already supports things that aren't supported yet, and it's a huge reason why I remain skeptical of the passkey ecosystem -- because there are good-faith actors telling me to trust them but they're surrounded by people who are straight-up giving incorrect answers to basic questions like "is sync supported." I don't get it. If the limitations are going to be addressed, what is the value in pretending that they don't exist? How does the ecosystem benefit from that? All it does is decrease trust, to the point where I feel like I need to double-check every assurance I get from FIDO advocates to make sure that they're not redefining words.

1 comments

my mistake