Huge day for passkeys!

Starting today, you can set up a passkey for your Google account. At this stage of the industry-wide transition, setting up a passkey doesn’t invalidate your password, so it’s 100% safe to set up. https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/

The beginning of the end of the password

We’ve begun rolling out support for passkeys across Google Accounts on all major platforms as an additional option that people can use to sign in.

Google

@rmondello

So, call me an idiot here, but I don't see the massive benefit to this over passwords, since it's more or less just putting the access credentials to multiple accounts under access to a single other account or device anyway, requiring the user to have access to multiple services and/or devices that may (or may not) play nicely with each other to begin with.

Just seems like it's trading multiple small-scale failure points for one big one in the long run?

What am I missing?

@rmondello

I know too many folks who already find having to confirm login credentials multiple times over multiple devices/identities to be a hassle, not a convenience feature, and more often than not those folks still prefer to keep the same passwords/access credentials between those devices to begin with despite the security risks of that.

Heck, it annoys the bajeezus out of me that Steam more or less requires the user have a smart phone to make use of the application's features half the time.

@rmondello

I also feel like this makes device dependency an even greater risk than it already is/can be for basic day-to-day tasks, since not all devices (especially not budget ones) have great cameras or fingerprint readers, and PINs are just shorter, more easily deciphered passwords.

Again, I'd love to know why/how something like this is ultimately better, specifically for end users, and most especially for those who may not be hyper-focused on keeping up to date on tech (or just poor).

@GuerillaGrue @rmondello: I do like the *idea* of unique logins, secure keypairs, all that. But this just seems like it'll increase lock-in for little actual security. I have a flip phone deliberately for better privacy and to avoid distractions; anything mobile-tethered will never work for me. I use pass because GPG is proven tech and if one file's corrupted (which has happened) I'm not going to lose every one of my unique keys. Writing a new browser shouldn't *require* a 1000-programmer team.