Article discussing the push for passkeys as an alternative to passwords, including numerous problems associated with passkeys like big companies agenda, complicated proprietary implementations, vendor lock-in requirements and dependency on smartphones, dubious value for ordinary users, and misplaced purpose and value, hype and security, lax IT practices and constant private data leaks, psychological reasons why modern Web and email are interactive and phishing-prone due to profit-driven design, wrongness of clickable links, practice of information-only communication, severe implications for privacy and freedom in so-called modern solutions, some other observations, and more

I think this is relevant for Europe because the Passkey technology, being exclusively in the hands of smartphone OS vendors and platforms like Google, Apple, and Microsoft, has very strong implications on European digital souvereignity. Basically, if you use passkeys to access accounts, the vendors can switch off your access to all your accounts at once, because you won’t have working copies of your keys and devices.

  • cron@feddit.orgEnglish
    11·
    23 hours ago

    This article is IMO factually wrong. Just take one example:

    Passkeys only solve one use case - phishing where the user inputs their password and MFA into a fake site.

    Passkeys solve a few issues:

    • Phishing resistent
    • Unique per site (e.g. protection against credential stuffing)
    • Immune against brute force attacks
    • And offer an (optional) way to log in with biometrics

    This tech is clearly not perfect, but not as bad as this article suggests.

    Also, you can store passkeys in a password vault like bitwarden and have it available on all your devices.