Are you using Passkeys? And where are they saved?

@mkennedy I love passkeys but the main downside for me is that every website that supports it has its own implementation and it feels like passkey users are second-rate citizens.

Maybe a more strict implementation or standard framework/library could help.

@Kev_Prime I hear that. As long as there is also an option to keep your username/password, then it’s probably fine. If it were only passkeys, I’d be worried.

@mkennedy Yeah, some security folks have stated that having the old username/password available defeats the security purpose of passkeys.

Having the traditional private key password hashes stored on a server still allows them to be exfiltrated or abused if a hacker were to breach it.

One benefit of passkeys is that they're not stored on a company server, so it's harder to mass compromise accounts, and if a bad actor did gain access to a company's infrastructure they can't access your passkey, as it's on your device. But if the same account has username/password enabled for login without forcing 2FA with the passkey, you're still owned.
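The two points in the post above, that a server dump holds only the passkey's public half and that a password fallback sidesteps the passkey entirely, as an added Go sketch that is not part of the thread. The relying-party record, the Ed25519 challenge/response and the `Login` fallback are assumptions made here to illustrate the argument, not any real service's implementation.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
)

// ServerRecord is all the relying party keeps for one account: the passkey's
// public key and, only if legacy login is still on, a password hash.
type ServerRecord struct {
	PublicKey    ed25519.PublicKey
	PasswordHash []byte // nil when password login is disabled
}

// Register creates the passkey. The private key is returned to stand for the
// user's device; the server record receives only the public half.
func Register() (ed25519.PrivateKey, ServerRecord) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // fails only if rand.Reader does
	return priv, ServerRecord{PublicKey: pub}
}

// Challenge draws a fresh nonce per login so a captured signature cannot be replayed.
func Challenge() []byte {
	c := make([]byte, 32)
	rand.Read(c) // crypto/rand.Read never returns an error on current Go
	return c
}

// VerifyPasskey is the server-side half of a login; the device-side half is
// ed25519.Sign(priv, challenge). Verification needs only the stored public key,
// so a dump of ServerRecord gives an attacker nothing that can pass this check.
func VerifyPasskey(rec ServerRecord, challenge, sig []byte) bool {
	return ed25519.Verify(rec.PublicKey, challenge, sig)
}

// VerifyPassword is the legacy path. Plain SHA-256 stands in for a real
// password KDF; the point here is the parallel path, not the hash choice.
func VerifyPassword(rec ServerRecord, password string) bool {
	h := sha256.Sum256([]byte(password))
	return rec.PasswordHash != nil && subtle.ConstantTimeCompare(h[:], rec.PasswordHash) == 1
}

// Login accepts whichever factor succeeds: once a fallback is enabled, the
// account is only as strong as the password, whatever the passkey adds.
func Login(rec ServerRecord, challenge, sig []byte, password string) bool {
	return VerifyPasskey(rec, challenge, sig) || VerifyPassword(rec, password)
}
```

With `PasswordHash` left nil the only way in is a signature over a fresh challenge; the moment a hash is stored, `Login` succeeds on the password alone.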

Michael Kennedy

@Kev_Prime Hey, that's a fair concern. Passkeys are safer for data loss. But they are also way more likely to get you locked out of a service because something didn't sync to somewhere correctly. I would contend that companies that are good enough at security to offer passkeys probably have strong hashing/encryption, and it's the ones that don't offer them at all that are also the ones that store passwords without salt, with one hash iteration, etc.