[return to "A Tour of WebAuthn"]
1. _Alger+u81 2024-12-27 10:20:53
>>caust1+(OP)
Just like every other piece on passkeys it does not justify them, at all.

Passwords have problems, but fewer than putting all authentication secrets in a single basket or ecosystem does (which is what big tech fundamentally wants).

Passkeys are a solution to a manufactured problem, and keep getting pushed because they are a useful big tech honey trap that solidifies their users' captivity in their ecosystems.

◧◩
2. reddal+4a1 2024-12-27 10:48:16
>>_Alger+u81
100% agree. Passwords + OTPs are the best solution, IMO. No big tech can control this, and it's easy to keep a grasp on all the credentials we have.

WebAuthn? No, thanks.

◧◩◪
3. former+9e1 2024-12-27 12:05:30
>>reddal+4a1
How does big tech exert control over your usage of WebAuthn?
◧◩◪◨
4. eadmun+0j1 2024-12-27 13:15:53
>>former+9e1
By enabling relying parties to blacklist or whitelist the devices their users are allowed to use.

It’s one more brick in the wall preventing general-purpose computing. Want to authenticate to Banana Computers? Well, you have to use one of their oDevices, because they will not let you use a RoboPhone to store your passkeys.

◧◩◪◨⬒
5. growse+ev2 2024-12-27 21:55:42
>>eadmun+0j1
Yeah, you're missing the point of why attestation is in the spec in the first place.

Show me a widely available service that filters authenticators based on attestation attributes?
