“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday.

  • 2xsaiko
    link
    fedilink
    English
    241 month ago

    I’m not convinced this is a good idea. Resident keys as the primary mechanism were already a big mistake, syncing keys between devices was questionable at best (the original concept, which hardware keys still have, is the key can never be extracted), and now you’ve got this. One of the great parts about security keys (the original ones!) is that you authenticate devices instead of having a single secret shared between every device. This just seems like going further away from that in trying to engineer themselves out of the corner they got themselves into with bullshit decisions.

    Let me link this post again (written by the Kanidm developer). Passkeys: A Shattered Dream. I think it still holds up.

    • @[email protected]
      link
      fedilink
      English
      19
      edit-2
      1 month ago

      The author of your blog post comes to this conclusion:

      So do yourself a favour. Get something like bitwarden or if you like self hosting get vaultwarden. Let it generate your passwords and manage them. If you really want passkeys, put them in a password manager you control. But don’t use a platform controlled passkey store, and be very careful with security keys.

      The protocol (CXP) which the article is about, would allow you to export the passkeys from the “platform controlled passkey store” and import them into e.g. Bitwarden. So i would imagine the author being in favor of the protocol.