Passkeys were hot last year, don’t seem to be catching on, here’s one view of why that is. Dark and sobering but convincing: https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/
@timbray I'll admit that I have a half dozen articles open in my browser tabs from the last 12 months, and I still don't grok what I'm supposed to do/expect as an end user through my cycle of new devices, new services, credential changes, etc....
@vbabka I guess once again "enshittification" is used for "anything I don't like" just like people use "fascist" for "anyone who disagrees with me."
In both cases, it's a loudness war that removes the range required to have a constructive discussion.
@MikeBeas @sil @objc So if I'm using 1password and syncing between my laptop & phone, the same passkey can be used on both?
[Definitely getting the feeling that 1Password is the leader at making these things usable. Having said that, I have yet to convince any nontechnical person to use any password manager aside from the ones in the browsers.]
@flameeyes @timbray Nice article.
I guess password logins and password managers are the IPv4 of authentication?
@aerique given the way I talk about it, it sounds right https://flameeyes.blog/tag/ipv6/?mtm_campaign=social&mtm_kwd=mastodon
Password Managers are pretty much the NAT, except less hacky, but similarly solving most of the problems without a full overhaul.
@timbray @sil @objc Yes, it works like anything else you sync via a password manager. Several password managers support them.
For non-technical users, storing them in the system keychain is fine. They’re end-to-end encrypted and synced via iCloud or the Google password manager, same as regular passwords. You can scan a QR code on other devices that aren’t able to sync them (Windows or whatever) and log in from your phone. It’s a pretty painless process.
@timbray this has been my experience with them as well. Most of the time passkeys just *do not work* for me.
And I’m a tech nerd deep into the open source computing space, have helped develop cross-desktop standards, and help translate between the nerdiest engineers I’ve met and various levels of less-technical folks. If I can’t get it to work reliably, I don’t think there is hope for most people. 😅
@timbray I’ve been locked out of my PlayStation account, my Google passkey just never works (on my Google Pixel phone, no less), my phone thinks I have passkeys for accounts I have never used a passkey with… it’s a mess.
I want it to work. But holy crap the experience has been terrible. I think they were rolled out way too aggressively before pretty fundamental user experience concerns were addressed—let alone the abysmal (non-existent) user education.
1/2 Remember, I started by linking to an article criticizing passkeys, and then again noting my shock at the much-hotter-than-usual response I got. Mike is correct that the furore in my comments is not proof of anything. It would be incorrect to say “anecdotal evidence is not evidence”. It is indeed evidence; many major discoveries start by someone saying “that’s weird.” It is weird.
@objc @matt @MikeBeas @sil 2/2 Maybe there’s something about my followers that makes them predisposed to hate passkeys? Maybe passkeys are a great idea that have suffered from bad UI implementations? Maybe passkeys have a design flaw that gets in the way of good UI? All those are plausible explanations for the observed evidence.