zlacker

[return to "A Tour of WebAuthn"]
1. _Alger+u81 2024-12-27 10:20:53
>>caust1+(OP)
Just like every other piece on passkeys it does not justify them, at all.

Passwords have problems, but fewer than putting all authentication secrets in a single basket or ecosystem does (which is what big tech fundamentally wants).

Passkeys are a solution to a manufactured problem, and keep getting pushed because they are a useful big tech honey trap that solidifies their users' captivity in their ecosystems.

2. greent+wh1 2024-12-27 12:55:24
>>_Alger+u81
This is an extremely bad take. WebAuthn and Passkeys do not necessitate handing over control to "big tech". They are standards implemented by open source projects as well as megacorps. WebAuthn offers substantially better security than passwords, which we should all be moving away from by now.

Disclaimer: I work in security so my opinions are informed by actually knowing what I'm talking about.

3. mardif+2q1 2024-12-27 14:25:25
>>greent+wh1
It might provide more security, but no, more security isn't the only metric when it comes to user-facing stuff like this. If it was some implementation detail in a B2B service, sure. But there are a lot more variables to take into account than just "how secure it is". As a trivial example, being able to recover an account is insecure by definition, yet is almost always necessary for any user-created accounts.