EDIT: I know many people love their Apple devices and take criticism of that company as a personal attack, but please consider that I speak from the experience of a US person whose laptop and cellphone were stolen in Poland in 2022. Instead of downvoting, please help me understand: how would one regain access to services used with passkeys in this scenario? Note that T-Mobile won't ship a SIM card overseas.

-----

Great reason to not use the Apple ecosystem.

Having a cellphone / laptop broken and/or stolen is enough hassle without all the authentication being tied to the device that you aren't likely to use for more than a couple of years anyway.

And yes, things like that actually happen to people who are not the CEO of Apple. Especially while traveling, when your other devices are far away.

It sounds like someone decided to reinvent 2FA hardware in the worst way, combining the inconvenience of needing a physical key with all the hassles of passwords and adding a million ways for the key to self-destruct.

Oh, the passkeys can be transferred through the cloud? Explain like I'm five how that's more secure than email/SMS OTP for authentication then (which are an awful thing too, but at least I can have my own email).

So we have one more link in the security theater that I absolutely trust is more secure than having passwords.txt in Dropbox (how is it different, again?).

From a user's perspective, passkeys sound like a solution in search of a problem.

The only thing I can see passkeys doing for me is locking me out of my accounts when I need them most. Or facilitating other parties in that.