Ricky MondelloMay 8
I am going to be giving some public talks about passkeys in the next few months. What questions do you have about passkeys and what topics do you want covered in me exploring passkeys?
Show threadBootless BuckMay 8

@rmondello How do they handle the edges cases when everything isn’t perfect.

Say I’m on vacation, I break my phone and buy a new one. I need to login to get my data so I can get my plane tickets to go home. If my login is a passkey, then what?

I’m at a family member’s home using their copy of TurboTax and need to login to my bank on their computer to download my records, but I have a PassKey, then what?

If the answer is fall back to password auth, then what is the point of the Passkey?

Show threadNicolás AlvarezMay 10
@bootlessbuck @rmondello If I don't use passkeys, then if I lose my phone and buy a new one, I still need to login to my password manager to be able to login to the airline website, because I have a long random password for the airline that I can't possibly remember. But if I can use my password manager (be it Bitwarden or iCloud Keychain or whatever) then I have access to my passkeys too.
Show threadBootless Buck

@nicolas17 @rmondello If everything is using a passkey, how is that initial logon done? Passkeys seem to rely on an unbroken chain of access, or require some other secondary form of auth.

I also question the value of passkeys for someone already using long random passwords with a pw manager. It seems the main benefit would be forcing normal users into a password manager. If they are saved in a single browser and work by “magic” this is going to be a confusing nightmare when they hit edge cases.

May 10 at 8:59pmWeb