Comment by reddalo
17 hours ago
I'm also completely against passkeys. A safe password and a good password manager are way better, they don't lock you into any platform.
It's super sad to see all kinds of websites offering you to add a passkey when you log in.
> A safe password and a good password manager are way better, they don't lock you into any platform.
An open, cross-platform passkey implementation does all that too, and on top of that prevents you from accidental password leaks via logs, MITM etc. by default.
> It's super sad to see all kinds of websites offering you to add a passkey when you log in.
As long as they're not forcing you to add one, what exactly is your problem with having more choice?
Personally, I am grateful for every site that doesn't require my phone number to sign up and uses passkeys for authentication instead, yet I also don't want SMS authentication banned for everybody since I understand it currently works better than Passkeys for many people.
passkeys are a great idea, but poorly implemented
I was planning to make use of passkeys when logging on to various services, so I ordered three physical devices, supporting passkeys (yubikey). I ordered USB C and USB A variants, with NFC support.
Is this a mistake? I am already using password manager and totp for my accounts, but I am tired of dealing with passwords.
Even when using a password manager (bitwarden in my case), it just get tedious bringing out my phone, starting auth app, locating the correct account, reading 6 digit token and logging on.
No it's not a mistake. But say you lose the Yubikey, or you're away from home. How do you deal with that? You still need a password somehow.
Sure. But I think that is same scenario as me loosing my phone today, since I use that for two factor auth.
My plan was to continue using bitwarden for passwords as well, but more as a break-glass mechanism that I really use. I want to use passkeys mostly for convinience.