I don't like #Passkeys over #Passphrase and #MFA (edit: specifically, rotating pin codes via a password manager or dedicated auth app)

Am I wrong? Or is it the children who are wrong? #Security #Privacy

@miclgael we have not yet succeeded in telling the right story to average users. Consistent UX and automating the approach so text or email validation automatically sets up passkey instead of giving people the constant cred verification flow.

@trode who is the "we" in this story? Just curious.

My understanding of passkey is "a device is now your auth instead of an app"

and since apps are (usually) multi-platform and devices (typically) die every other year, it just seems inferior in every way, from a practical perspective.

@miclgael @trode The big problem right now is that every #passkey implementation is different.

A thing that sidetracks people is worrying about ‘moving a passkey from one system to another’; instead, set up a passkey in each trusted system.

Unless, of course, the server didn’t implement passkeys right and it doesn’t support multiple passkeys; if that happens, I won’t use them.

It’s actually great, it’s just too much damn research. (On the server side too.)

I’m hopeful it’ll get there eventually.

@chazh @trode I get what you're saying but my first thought reading the last line was

ah like VR, NFTs and Betamax 😅

@miclgael @trode Ah, but in those cases there were workable alternatives and passwords still suck quite a lot.

@miclgael @trode But really, you’re not wrong: they’re not a great experience.