zlacker

>>caust1+(OP)
Just like every other piece on passkeys it does not justify them, at all.

Passwords have problems, but less than putting all authentication secrets in a single basket or ecosystem is (which is what big tech fundamentally wants).

Passkeys are a solution to a manufactured problem, and keeps getting pushed because it is a useful big tech honey trap that solidifies their user's captivity in their ecosystems.

>>_Alger+u81
This is an extremely bad take. Webauthn and Passkeys do not necessitate handing over control to "big tech". They are standards implemented by open source projects as well as megacorps. Webauthn offers substantially better security than passwords, which we should all be moving away from by now.

Disclaimer; I work in security so my opinions are informed by actually knowing what I'm talking about.

>>greent+wh1
> Webauthn and Passkeys do not necessitate handing over control to "big tech".

Attestation enables a relying party to deny users the right of using their own software or devices. That hands over control.

>>eadmun+Mi1
Apple and Google discontinued attestation when they introduced passkeys. It's gone.

There are still lots of problems with passkeys, but it's worth staying up to date if you want to contribute to that discussion.

>>lxgr+ku1
> Apple and Google discontinued attestation when they introduced passkeys. It's gone.

It would be great if you’re correct, but these references sure seem to indicate that attestation is still a thing.

Microsoft, November 2024: https://learn.microsoft.com/en-us/entra/identity/authenticat...

Yubico: https://developers.yubico.com/Passkeys/Passkey_relying_party...

Apple: https://developer.apple.com/documentation/devicemanagement/s...

Apple: https://support.apple.com/guide/deployment/managed-device-at...

Google, September 2024: https://android-developers.googleblog.com/2024/09/attestatio...

A Tour of WebAuthn, December 2024 (aka the fine article): https://www.imperialviolet.org/tourofwebauthn/tourofwebauthn...