by sirn 668 days ago
> What if I don't want to pay for Bitwarden, or buy a smartphone, or tie my log-ins to my computer?

Even with passwords, you'd still need an application or a device for 2FA, unless you keep a pack of scratch cards with you everywhere. So unless you go out of the way to avoid 2FA or use scratch cards, I don't think this changes anything from the status quo, only now you have one less thing to remember.


Well, 2FA was the first step in making devices more entrenched. Passkeys are just the next step. So, it's not exactly passkeys in isolation that is the problem, but the lock-in to technology (and big tech for most people), and passkeys being another discrete but significant step in the process.
On the contrary. Passkeys free us from complete dependence on mobile devices (and the telcos that distribute SIM cards) because passkeys can live on any number of desktop computers.
That is certainly a good point, but it doesn't free "us", only those smart enough not to use their phones for this purpose.
I said "passkeys free us from complete dependence on mobile devices". Complete dependence means not having other options. Passkeys give us other options - all of us, not just those of us who decide to use those options at any moment in time.

If most people use their phone for login that's fine. Many people don't even have another device.

What we should push for is passkey export, migration and backup features. The most likely lever that big tech could use for lock-in is making it near impossible to move those passkeys out of their closed ecosystems.

I'm curious – if open standards such as 2FA (TOTP) and Passkeys are considered locked-in, what would be a solution in your mind for an authentication scheme that isn't subject to the inherent problems of passwords (phishing, weak passwords, password reuse, database exposure, etc.) that fits your requirement?
Reducing our dependence on the internet. If we do that, then internet accounts themselves will be less valuable and less prone to hacking.
So you’d solve the problem of passkeys being, at this very moment, difficult albeit not impossible to move, by dismantling the modern financial system?

I do remind you that all money transactions are done electronically. You’d have us go back to checks?

> You’d have us go back to checks?

I would dismantle big tech first. The banking systems would still exist. But I don't think cheques were too bad.