
jmsgwd | 2 months ago

I keep hearing it repeated, but where does this "tied to a single device" idea come from?

The default, built-for-the-masses implementation of passkeys is called "synced passkeys". They are designed to sync between all your enrolled devices, ideally using end-to-end encryption.

You authenticate with whatever device you happen to be using at the time - phone, tablet, laptop, desktop - doesn't matter. If you lose one, you replace that device and re-enroll - then all your passkeys magically re-appear on the new device.

If you're cross-platform, modern password managers work across ecosystems - for example, 1Password syncs passkeys between Mac, Windows, iOS, Android, and Linux. If you're all-in on Apple, their native passkey implementation syncs passkeys between all your Apple devices. I thought Google and Microsoft do something similar now.

It's a real mystery why people believe passkeys have to be stored on your phone only.


everfrustrated | 2 months ago

If I use Windows at home (gaming), Mac at work and Android on my phone - how exactly are these supposed to seamlessly work together?

jmsgwd | 2 months ago

There are many cross-platform password managers that sync very nicely, which would solve for the machines you control - the Windows gaming machine and Android phone.

For machines you don't control, such as your employer Mac, well that's a special case. In theory you can use "FIDO Cross-Device Authentication", which is a passkey flow designed specifically for authenticating on one device using a passkey stored on a different device, and involves scanning a QR code.

I've never tried this though. Personally I tend to avoid mixing personal stuff with work stuff, so the problem rarely arises.

spencerflem | 2 months ago

Because by default, they do, and you have to explicitly install software to let it be moved. And even if you do, it’s discouraged and the spec is allowed to deny you access.

timmyc123 | 2 months ago

This is not correct. The default credential manager on all devices except for Windows creates synced passkeys. And Windows will be changing soon.

timmyc123 | 2 months ago

> it’s discouraged

Why do you say that? There are billions of synced passkeys being used by users with some of the largest sites and services in the world.

jmsgwd | 2 months ago

> Because by default, they do, and you have to explicitly install software to let it be moved

Apple's native passkey implementation doesn't require you to install extra software, and the passkeys sync by default. I thought Google's and Microsoft's were similar - but I haven't tried them.

> And even if you do, it’s discouraged

Really? Where is it discouraged? I thought synced passkeys are intended as the solution for consumers.

> the spec is allowed to deny you access

Yeah but I thought that's for enterprise use cases, not consumer. E.g. employers that want to enforce device type restrictions on their employees.