Hacker News
by tacker2000 68 days ago
In the tech world, security is mostly just a theater, it is used to push through unwanted and unpopular things, like access control, privacy invasion, etc...

All this signing business leads to one party having the final say, and guess what, they are going to abuse that power...

3 comments

Because some people realised that insurance is the ultimate form of security? Why prevent failure when the consequences of failure can simply be offloaded to others?

I think it's just like in software in general: most software is bad, but it doesn't mean that all software is bad and unnecessary.

Most security is done badly, but it doesn't mean that security is unnecessary.

But I agree: TooBigTech has TooMuchPower.

> But I agree: TooBigTech has TooMuchPower.

Passkeys are here to improve your login security! All you have to do is give complete control over your ability to log in to a service to one of three American big tech companies. Yay!

Or you spend 5 minutes reading about them and use a passkey you actually own?

Many times, people choose TooBigTech. People are generally waaaay too lazy to even consider spending some brain cycles on that.

Unless the service you are trying to log in to requires you to only use an approved authenticator, as is explicitly supported by the spec[1].

[1] "To be very honest here, you risk having KeePassXC blocked by relying parties." https://github.com/keepassxreboot/keepassxc/issues/10407#iss...

More examples here https://fy.blackhats.net.au/blog/2025-12-17-yep-passkeys-sti...

Right, that sucks. But the service could also only allow you to use the Google SSO, it's not really a problem coming from the passkeys...

Sacrifice principles for pragmatism and you lose both.