Can anybody explain to me why #passkeys are better for security in comparison to 2FA?
https://www.corbado.com/blog/passkeys-vs-2fa-security
All of the arguments against "normal" 2FA can be made against passkeys if adoption stops.
[1/?]
1. I don't know anybody writing down 2FA passwords or codes. This argument is wrong. This already exists on 2FA.
2. Same as 1.
3. With a sane login manager that auto-fills the fields, this is a non-issue as well.
Who is trying too hard to sell passkeys? And why are articles like this so dominant?
I feel like we want biometric IDs so hard that we just claim whatever we want to gain our goal.
@Anachron
> I don't know anybody writing down 2FA passwords or codes
I do! And OTPs are generated by a script on a particular machine that I call over ssh — so those aren't stored on the same machine I'm logging in from😁
@Anachron
And passkeys… I don't get that either, to me this "just rely on someone's infrastructure and expect it to be secure and comfy" sounds like bullshit🤷
@oscherler
I don't quite get your point. I don't expect my implementation to be technologically/cryptographically superior to what Apple/Google/MS can come up with — there is no need for it to be: centralised infrastructure, no matter how well defended, will always remain an attractive target; my script never will be, it's too unique and not worth the effort. This is a purely practical standpoint🤷
@Anachron
@m0xee My point is that a lot of security experts agree that passkeys are better than passwords, immune to phishing, etc., yet you, obviously not a security expert, feel confident enough to suggest it’s all bullshit.