pull down to refresh
142 sats \ 0 replies \ @kepford 5 Aug \ on: Passkeys are just passwords that require a password manager - Dan Fabulich security
As they say in the article they are also a public / private key auth unlike passwords you don't have the ability to create a weak one. At least that is my understanding. Its new and many password managers and sites are still working out the kinks in their implementations. I haven't dove into them yet fully. Just been experimenting.
The problem with taking this critique out of context is that you have to realize that most people do not use a password manager and even though it is way easier to do so than not, people aren't doing it. They make bad passwords or reuse them or both. They enter their passwords in phishing sites. Users are more dumb when it comes to tech than most of us in bitcoin realize. If you are the tech person in your family you know what I mean.
We will see if they catch on. As Dan points out, lock in is a concern for me as well. Bitwarden seems to be the best option to avoid that so far but I don't know how well migration works to other passwords/passkey managers. For those that don't know you can self host Bitwarden or use a free account with them. I think most people will use Apple or Google though. That's not good but it is likely better than what they are doing now.