249 sats \ 4 replies \ @ek 5 Aug \ parent \ on: Passkeys are just passwords that require a password manager - Dan Fabulich security
Here's one: Not being able to export your passkeys makes you dependent on the password manager. If you want to switch, you now have to set up new passkeys for every website where you use them.
And if a password manager allows export (or other reasons in the future), it apparently might be possible to mark them as "insecure" and ban their passkeys if attestation will be mandatory, see this GitHub comment:
and this one.
Just that this might become possible makes me want to stick to password+TOTPs.
> Not being able to export your passkeys makes you dependent on the password manager.
Is it not possible to migrate between tools? I don't mean that companies aren't implementing this. I mean is it not allowed by the spec.
But again. The people that need this are not you and I. It's people that WILL export their keys in plain text on their desktop...
If that solves vendor lock-in, then I'm just worried about possible attestation stuff
One of the attempts was SQRL - Secure Quick Reliable Login