Quote: Put more simply, because passkeys link to your hardware — primarily your phone, this secure device becomes a digital key for all critical accounts.
Is anyone else avoiding passkeys like the plague and tired of sites' prompting a change from 2FA to passkeys with no option to silence the prompting for future logins? <glares at Amazon>
I run the opposite direction whenever I see a passkey pop-up. I do a lot of IT support for small businesses, non-profits, and old people, and more concerning to me is the way passkeys are presented. Or, more accurately, not presented.
They say "this will be really helpful" and present it as 1) a benefit to the user, and 2) there's no other option, or opt out. There's barely any mention of a passkey, nor any education about what is going to happen when they hit "continue", and who will be responsible when it goes wrong (and that the service won't help them get their account access back).
It's scary how prevalent this has become, how quickly it happened, and how bad of an idea it is.
I hate the word "upgrade" here, since passkeys are a major downgrade to users' freedom. A password manager and TOTP give you all of the security benefits of passkeys without the downsides.
5 comments
[ 2.9 ms ] story [ 19.5 ms ] threadWait. My phone is secure??
They say "this will be really helpful" and present it as 1) a benefit to the user, and 2) there's no other option, or opt out. There's barely any mention of a passkey, nor any education about what is going to happen when they hit "continue", and who will be responsible when it goes wrong (and that the service won't help them get their account access back).
It's scary how prevalent this has become, how quickly it happened, and how bad of an idea it is.