| I like this part from Register article > When I click “add key,” three different bits of software compete for my attention. > First up is the password manager, offering to store a passkey. (This is the first time passkeys have shown up in this process – you can begin to see how a casual user might be getting confused.) I don’t want the password manager to be involved in this case, so I dismiss the window. > Next up, a window appears from macOS asking me if I would like to use TouchID to “sign in” (to what? – I am already signed in to the website) and to save a passkey. Again, note the different terminology. When I dismiss that window, it is time for the browser to have a go, offering me four ways to save a passkey, including finally the option to store it on the hardware token. I insert the USB key and proceed. > I think we can all agree that this is a confusing experience, with three different systems fighting to be the One True Place To Store Passkeys, along with the inconsistency of terminology (passkeys or security keys) and use cases (password replacement or strong second factor?) > It’s like every piece of software wants to “help” but there is noone looking at the system-level behavior where these different bits of software interact with each other and the end user. I’ve encouraged my wife (a social scientist not a computer scientist) to adopt a password manager and 2FA, and she’s very willing to follow my lead, but the confusion of terminology and bewildering arrays of options frequently (and understandably) leads to complete frustration on her part. https://www.theregister.com/2024/11/17/passkeys_passwords/ |