Robert Kingett2d ago
For a while I thought #PassKeys were like a tech hype thing so big tech could lock us into their ecosystems even more, and then I started looking into them and their advantage became far clearer to me. They still have a bunch of problems for people like me that change their devices frequently, at least in internet time.
I dislike the idea of being locked out of my stuff because my device is bricked, so I started looking for ways to use PassKeys with something like #KeePass databases. The bad news for us blind folk, the more accessible Keepass app doesn't have PassKey support. The far less screen reader friendly #KeePassXC has far better PassKey support, but, as I said before, not half as screen reader friendly as the OG KeePass is, unless I am missing something.
#StrongBox, which is accessible on iOS can work with PassKeys though. This way, you can't be tied to one device.
Show threadNick2d ago

@WeirdWriter I'm personally a bit bearish on passkeys. I'm totally in favor of replacing password auth with key-based auth. My two beefs with passkeys are that I would like to be able to tie them to a hardware auth device if I choose*, and I dislike how in most contexts they seem to assume you're locked into someone's walled garden (be that Apple, MS, or Google).

That being said, if one is going to use them and not bind them to a hardware key, this seems like a good approach. And I think it's especially important that anything as foundational as authentication be accessible. I'm curious what people think is the better path to remedying this situation, adding passkey support to KeePass or improving accessibility of KeePassXC? And I wonder if throwing some money toward one or the other might help fix this (for those of us who would be so inclined).

* If anyone reading is interested in the particular issues using hardware keys with passkeys, I talk about it a bit in this thread (though I'm no expert):
https://mathstodon.xyz/@internic/115469013411719424

Show threadRobert Kingett
@internic I’m still not fully sold on them especially since they are in their infancy, and yet, everybody seems to be rushing to require them and not fixing their hardware key shortcomings. Etc. I also just really don’t like the fact that everything about them points to using them on big tech services a lot or even exclusively. It took me hours to ascertain how to use them with a database file rather than a platform, and there are loads of people that truly do think that Microsoft and otherwise are more than trustworthy
Apr 3 at 8:28pmWeb