Follow

Any drawback for passkeys compared to passwords?

@hehemrin I think that the current state of sync seems like the biggest problem on the user end.
The design requires generating new keys for each service, and thus sync of these hundreds of keys is an absolute necessity to be able to do anything.
The big push by Apple, Google, Microsoft seems to come with a sizable dose of attempted vendor lock-in, only allowing sync among their own devices.
Hopefully third parties (like the current password managers?) can hook in and provide sync for passkeys.

@hlindqvist It was the latest episode of the pod from 1Password password manager that triggered my question. They have talked about the topic several times. At least that password manager is on their toes into integrating passkey, as a third party you wrote about.

@hehemrin Right. Hopefully such support becomes the norm across password managers sooner rather than later (and before the inevitably stronger push for passkeys adoption).

It would have been nice if the passkeys scheme had been designed in a way that didn't *increase* the live sync requirements; like with a Sqrl-like setup with a single master key that all service-specific keys are derived from. Then it would have been enough to do a once-per-device master key entry to have all your identities.

@hlindqvist Aha, oki. I have not really read how it works myself (I guess the FIDO website is best place). Must the passkey be stored on the same device as the login done, or can I type the passkey manually or somehow? I would suppose it should be possible so it is possible to login on a common/public machine. Or else some sort of YubiKey/similar device should work or may be needed. (maybe stupid questions, I am not an expert on the topic)

Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml