Hacker News
by taeric 806 days ago
The point is many players are trying to find ways for your private key to be portable, too? Yes, it is a basic public key share to the services you are authenticating with, but it is how to maintain convenience at the user's side that is posing difficulties.

Indeed, the first real criticism in the post is "For example, if you create a passkey on your iPhone, it easily syncs to Mac devices but is incredibly difficult to use on a Windows device." It is the private key that they are syncing to all of your devices. And they do that for you because they control all of the places that they sync.

I think you can make the case that they should not sync this off device for you, but then you are in the "what happens when my device is lost/broken/stolen?"

You could also argue that they should let you export the key. But then you are back into the "credentials are easily stolen."

1 comments

Proton Pass allows you to export and reimport passkeys. An industry-wide standard for exports is not yet finalized, but as soon as it is, we'll support that too.

Regarding passkey implementation, it's up to individual websites whether they use passkey or passkey + 2FA, etc.