by ballenf
538 days ago
I don't know. If you're in the iOS ecosystem and using iCloud syncing and Safari, things are super easy and more secure by default than without passkeys. The author's examples of Firefox, Chrome, a password manager and a physical key apply to very technical users who seem quite capable of navigating the complexities he complains of. The vast majority of people are just not going to encounter most of his issues. I sympathize with his issues, but he's kind of complaining that fighting the ecosystem is complicated. My guess is that <<1% of people use his combination of multiple browsers, a non-iCloud pw manager and a physical key on macOS. And they're not substantially less secure than his setup. My only issue with passkeys is sites that don't seem to have them figured out yet. They'll let you set up a passkey but then offer to let you sign in with a password first. These seem to be becoming more rare, but even Amazon's passkey seems random when it lets me use it. And even then it wants to send me a text message code anyway (this is probably a setting somewhere, so my fault I'm sure).
I am not sure if that is what you're talking about, but the standard way to implement login with passkeys is to use a normal username/password form and leverage the auto-fill mechanism to offer to let you sign in with a passkey if it is discoverable.
Another way is to have a two-step login, where you enter your login/email in the first step, and then use a passkey to log in in the next.
There are benefits and drawbacks in both of them.
Also, a passkey can be used with multiple authenticators (like Yubikey), and most popular websites consider that verification of the user is not implemented sufficiently for some of them to be used as the only way of authentication, so they don't allow you to log in with them without a second factor (i.e. a password).
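The two login flows and the second-factor decision described in the comment above, as an added example that is not part of either comment: it builds the WebAuthn request options for each flow and reads the user-verified flag from the authenticator data to decide whether to step up. Function names, the step-up policy and the sample bytes are assumptions; signature verification is out of scope here.

```javascript
// Added example, not from the thread. Names and the step-up policy are
// assumptions; the byte layout and flag bits follow the WebAuthn spec.
const FLAG_UP = 0x01; // user present (e.g. the key was touched)
const FLAG_UV = 0x04; // user verified (PIN or biometric checked on-device)

// Flow 1: username/password form with passkey autofill. An empty
// allowCredentials list means only discoverable credentials are offered; the
// page passes this to navigator.credentials.get({ mediation: 'conditional', publicKey }).
function autofillOptions(rpId, challenge) {
  return { rpId, challenge, allowCredentials: [], userVerification: 'preferred' };
}

// Flow 2: two-step login. The account is known after step one, so the server
// lists that account's credential IDs (non-discoverable keys work here too).
function twoStepOptions(rpId, challenge, credentialIds) {
  const allowCredentials = credentialIds.map((id) => ({ type: 'public-key', id }));
  return { rpId, challenge, allowCredentials, userVerification: 'preferred' };
}

// Server side: authenticatorData = rpIdHash(32) || flags(1) || signCount(4) ...
// expectedRpIdHash is SHA-256 of the RP ID, computed once by the server.
function assessAssertion(authData, expectedRpIdHash) {
  if (!(authData instanceof Uint8Array) || authData.length < 37) {
    return { ok: false, reason: 'authenticatorData too short' };
  }
  if (expectedRpIdHash.length !== 32) return { ok: false, reason: 'rpIdHash mismatch' };
  for (let i = 0; i < 32; i++) {
    if (authData[i] !== expectedRpIdHash[i]) return { ok: false, reason: 'rpIdHash mismatch' };
  }
  const flags = authData[32];
  if (!(flags & FLAG_UP)) return { ok: false, reason: 'user not present' };
  const userVerified = Boolean(flags & FLAG_UV);
  const signCount = new DataView(authData.buffer, authData.byteOffset).getUint32(33);
  // A touch-only assertion proves possession of the key, not who holds it,
  // so this (assumed) policy asks for a second factor in that case.
  return { ok: true, userVerified, requireSecondFactor: !userVerified, signCount };
}

// Constructed sample input: 37 bytes with a caller-supplied stand-in hash.
function sampleAuthData(rpIdHash, flags, signCount) {
  const out = new Uint8Array(37);
  out.set(rpIdHash, 0);
  out[32] = flags;
  new DataView(out.buffer).setUint32(33, signCount);
  return out;
}
```

Setting `userVerification: 'required'` in the request options asks the authenticator to verify the user, but the server still has to check the flag in the response as above.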