I vibe with this. Does anyone have any examples of where and how any vendor’s dialogs around passkeys might lead people astray? The more feedback, the better.
https://infosec.exchange/@adamshostack/113743707996398149
Adam Shostack (@[email protected])

@[email protected] I think the biggest thing is to (a) ensure dialogs are clear about what software is presenting them (b) where it plans to store the key and (c) letting people configure what their preference is for passkey management. Err, “things are”

Infosec Exchange

@rmondello @adamshostack I think getting prompted for a passkey when using 1Password, declining to add one, and then Chrome or Apple jump in that maybe you'll save it with them. Like this https://mastodon.social/@ridogi/112967019327128836

My experience as an IT consultant is people try to avoid passkeys (they get prompted at login and choose set up later), or they have created passkeys but don't understand how they created them, where they are stored, or how to use them.

Ricky Mondello (@[email protected])

@[email protected] I think it’s been a profound mistake on 1Password’s part that 1Password on desktop intentionally ignores the platform-native way to plug passkey data into web browsers and instead implements passkeys by hijacking the web API via their browser extension. (On iOS, however, they properly integrate as a data source.)

Hachyderm.io
@rmondello @ridogi @adamshostack oh my gosh, I have been begging and annoying 1Password on various socials and their community site to use the native macOS autofill API (what, 2-3 years that API has been around?). It is maddening 🤯 and frustrating. My wife has accidentally saved passwords in 2 places. Not her fault, 'cause she uses the native autofill on iOS for 1Password. Why the heck is it not on macOS?! …argh, rant over