|
|
|
|
|
|
by cyberax
356 days ago
|
|
|
> Right, that makes such a system unusable for normal people, so it is not a good thing to force it upon them. Whut? Passkeys work perfectly fine for "normal people". > The benefit is not clearly there because anything that can manipulate local memory can also just use the key directly Correct. But it does require fairly high level of system access. Hardware-bound keys also allow full hardware-attested authentication. > Normal people are however not concerned with these Mission Impossible scenarios, and random passwords are good enough while being easy to use without an IT department to fix when it goes wrong. If you're using truly random passwords, then you're using a password manager. And if you're using a password manager, then why not just use passkeys? All the popular password managers support them: BitWarden, 1Pass, iCloud Keychain, even LastPass. |
|
|
Also like I keep saying, every browser already has a password manager. You don't need an external one. Notably though, Firefox's password manager doesn't support software passkeys, so they are completely unusable for me, for example. I'm certainly not going to sign up for some SaaS so I can use a worse version of passwords.