MyelinatedT | 1 year ago

I shared the concern around vendor lock-in initially, and I still do to some extent… but this can be quite easily mitigated by registering multiple passkeys for each account. Where I use them, I have at least two of {iCloud Keychain, hardware FIDO2 key, Google Password Manager}.

CTAP2 works nicely over Bluetooth and NFC so you can usually use these credentials even on machines which don’t integrate with your keychain of course. I actually find them extremely convenient and they’re obviously more secure than passwords across a broad range of common attacks.

As with passwords, they will be misused by vendors and clueless users alike, and it’s up to us to (a) use them correctly for ourselves (maintaining redundancy) and (b) encourage our less tech-fluent friends and family to do the same.

All around though, I think they’re a considerable win for convenience and security.
