by donmcronald
922 days ago
I'm bullish and I think Passkeys, or some variant of on-behalf-of attestation, could be one of the worst technology-related things to ever happen to the average person. The reason I'm bullish is because all of the entrenched tech players are pushing them. The reason I think it's terrible is because the entire concept is dangerous. It's "one thing you have" (a key) that can attest to your identity. Whether or not that's attesting for you or against you is yet to be seen and I'd bet the farm on against. As soon as tech companies have the ability to force you into using some type of device for authentication and authorization, I think the floodgates will open on abuse. It's a huge building block on the road to ensuring people never own anything, because per-use access can easily be gated now, and I think that's why big tech wants it so bad. They're going to get "a cut" for doing the auth, so why not, right? It doesn't matter if tech enthusiasts resist either. We've seen the same story play out over and over. Developers gave Apple the keys to the kingdom for app distribution and rolled over as Adobe started charging subscriptions for desktop software. As soon as enough uninformed users accept what they're being pushed, it'll become a requirement and your options will be capitulation or exclusion. Consider whether or not you'd want the right to use your car tied to a passkey that contacts the manufacturer, attests to your identity (authentication), and needs to get a token (authorization) before it'll start. People would never tolerate a password requirement to start their car, but a Passkey that's built in (ex: to a phone or watch) and works OTA via the cell network will easily be sold as good security, but it's really just to benefit the company leasing you the car because they can revoke access at any time.

Please take note of what @donmcronald says here - phrased before I could, and better than I could.
The concept of Passkeys sounds great, but the way it will be implemented will result in a massively net-negative privacy impact that will be very hard to escape from.