Comment on Big Tech passkey implementations are a trap | Proton
CaptDust@sh.itjust.works 2 months ago
I’m very excited for the concept of passkeys, but indeed it is a bit of a mess right now. Android password managers can’t use passkey inside other apps, basically limited to just the browser. I hope it all gets sorted soon and everyone sticks to an open standard compatibility.
I want to be able to export my passkeys and take them with me to any other chosen implementation.
The idea of a passkey is that it is a security certificate that permanently bound to the software/hardware and can’t be exfiltrated, in the same fashion you’d make one SSH private key per device connecting to a server, never leaving the computer it was generated from.
You don’t backup your Passkeys, you associate multiple passkeys per account (ie: ProtonPass, Bitwarden, Yubikeys) as a contingency.
If you can back it up, it can be stolen.
Same; I hope the EU does something before it’s a total mess
EngineerGaming@feddit.nl 2 months ago
I have hopes for a normal implementation because KeepassXC does have passkeys now.