Comment on Passkeys Explained: The End of Passwords
hummingbird@lemmy.world 1 day ago
You missed some disadvantages. For example the UX and complexity are terrible.
Septimaeus@infosec.pub 1 day ago
The passkey options I’ve come across so far are as close to push-button as I can imagine.
Do you mean from the developer perspective, like the complexity of the API/workflow?
asmoranomar@lemmy.world 18 hours ago
Perhaps he means the process of setting it up. Or when it doesn’t work. Or when passkeys are lost. Or using another device. A lot of people’s complaints about passkeys aren’t really about when it works.
It’s valid I think, but also some people forget passwords can have similar experiences. For one, there seems to be this idea that if you lose your passkey you get locked out of your account forever. The recovery process should be no different than losing your password.
Septimaeus@infosec.pub 17 hours ago
I could see that. I’ve only found a few in the wild (mostly just enterprise, niche tech-related, and big platform web apps) but there’s probably some clunky implementations out there I haven’t suffered through yet.
True, plenty in this thread even. IIRC there’s usually a recovery key process same as a typical authenticator MFA, sometimes other routes in addition like combining multiple other MFAs or recovery contact assignment. Regardless, completely losing PW manager access across devices would presumably be the more immediate crisis for most.