We had originally planned to go all-in on passkeys for ONCE/Campfire, and we built the early authentication system entirely around that. It was not a simple setup! Handling passkeys properly is surprisingly complicated on the backend, but we got it done. Unfortunately, the user experience kinda sucked, so we ended up ripping it all out...
  • Encrypt-Keeper@lemmy.worldEnglish
    186·
    7 hours ago

    Yes, use a password manager to store your passkeys.

    Passkeys are a solution looking for a problem that hasn’t been solved already, and doing it badly.

    You say that and then

    hoping every service they log into with “password123” has it’s own TFA. And since nearly every site uses shit TFA like a text or email message

    That’s literally a problem passkeys solve and password managers don’t lol

    • ikidd@lemmy.worldEnglish
      105·
      7 hours ago

      I make the assumption people are using the password managers like they should, which is generating unique, complex passwords, which is kinda the point. Once you hit a certain number of characters on a random password, you might as well not try. And passkeys don’t solve any sort of MFA problem, same as passwords.

      And tell me something, do you realize how cunty you come off when you end a comment with “lol”?

      • Encrypt-Keeper@lemmy.worldEnglish
        116·
        7 hours ago

        And passkeys don’t solve any sort of MFA problem

        They do in fact solve this problem. Passkeys are something you have, and are secured by something you know, or something you are.

        They also solve an age-old problem with passwords, which is that regardless of how complex your password is, it can be compromised in a breach. Because you have no say in how a company stores your password. And if that company doesn’t offer 2FA or only offers sms or email verification, then you’re even more at risk. This problem doesn’t exist with passkeys.

        Edit: lol

        • sugar_in_your_tea@sh.itjust.worksEnglish
          51·
          3 hours ago

          it can be compromised in a breach

          Sure, and then that one password is compromised. Password managers make it trivial to use unique passwords for every service, so if a service is breached, you’re basically as screwed with passwords as passkeys.

          The switching cost here is high, and the security benefits are marginal in practice IMO. I’m not against passkeys, but it should be something password managers handle, and I don’t have a strong preference between TOTP baked into your PW manager and passkeys.

          • Encrypt-Keeper@lemmy.worldEnglish
            1·
            2 hours ago

            Sure, and then that one password is compromised.

            Which means that entire service you used that password to login to is compromised. If you were using passkeys however, you would have nothing compromised.

            so if a service is breached, you’re basically as screwed with passwords as passkeys.

            No… with a passkey you would be not screwed at all. You’d be entirely unaffected.

            the security benefits are marginal in practice

            I mean in your own example that’s a reduction of 100%. That’s kind of a huge difference.