TechmemeApr 27, 2024

Google and Apple use passkeys to capture users by locking credentials into their platforms and have made the UX of passkeys worse than that of password managers (William Brown/Firstyear's blog-a-log)

https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/
http://www.techmeme.com/240427/p5#a240427p5

Passkeys: A Shattered Dream

Firstyear's blog

Show threadÉmilio GonzalezApr 27, 2024
@Techmeme Weird that there is no mention of the fact that passkey portability is an active working group at the FIDO alliance. This mostly reads as "I disagreed with a Google or Apple decision so now passkeys are doomed" 😬
Show threadMagnus AhltorpApr 27, 2024
@res260 @Techmeme It would make sense to actually have support, not just “working on it”. Having a working group is no guarantee for consensus or even technical viability, much less actual deployment.
Show threadÉmilio Gonzalez
@ahltorp @Techmeme I agree, but it's bad faith to imply that this is a lock down strategy. I read on some news sites (though have not seen an official statement) that google and apple plan to support such export mechanism. If we're still not there in a year then I'll start getting suspicious, but releasing passkeys on ios and android without having the export feature is not enough to say "big tech forces lock down with passkeys" imo
Apr 27, 2024 at 4:49pmWeb
Show threadMagnus AhltorpApr 27, 2024

@res260 @Techmeme I think many things regarded as “lock down strategies” are not active strategies, but passive ones. They simply don’t care enough, which from the outside looks like active menace.

Also, even public commitments often collide with other priorities, like the infamous Steve Jobs promise that Facetime would be “open”.

Show threadÉmilio GonzalezApr 27, 2024
@ahltorp @Techmeme Fair points.
Google and Apple are two of the 40+ board members of the FIDO alliance, I'd hope most other members agree that we need a portability standard for passkeys. Also Passkeys is not a closed tech or standard, like facetime is