Comment by SchemaLoad
2 days ago
Passkeys get synced between your devices so they aren't any more fragile than passwords in a password manager.
Passkeys _may_ be synced, but that isn't guaranteed. For example, a "device-bound passkey" isn't synced.
There is a project under way to specify how to "sync" device-bound keys between authenticators: https://fidoalliance.org/specs/cx/cxp-v1.0-wd-20241003.html
Ideally this should have been hashed out before deploying passkeys everywhere, but I guess you can always register multiple passkeys for the sites that allow you to.
IIRC the original idea was that passkeys should be device specific. Of course that's impractical, so now they're morphing to a long password that a human can't process.
In a few years someone will post "how about a long human retainable passphrase?" as a new and improved discovery.
The big providers only want themselves to be able to back up passkeys. I do not want to hand over my secrets to Apple/Microsoft/Google.
Apple Keychain syncing is end-to-end encrypted; Apple cannot see the contents of your synced keychain.