Passwords have problems, but passkeys have more

49 points by duncans 10 months ago | 4 comments
  • p0seidon 10 months ago
    This rant is utterly factless and at an absolute novice level. It is correct that building a passkey-first system (without fallbacks) is not possible today, but that's like going all in on Google Social login and then ranting about why not all users can access the system.
    • bad_user 10 months ago
      Passkeys are never going to be possible without fallbacks, for the same reason that hardware keys aren't possible: people frequently lose their devices.

      And if people let Google handle their passkeys, then it's equivalent to going all in on the Google Social login.

      Passkeys have absolutely no advantage over using a password manager. If your browser can generate, store and autofill passwords, then we're talking about the same level of convenience.

      I don't mind passkeys, but that's only because I use them with a cross-platform password manager that I can trust. And it will be a really long time before I recommend the use of passkeys to my family and friends.

    • tbeseda 10 months ago
      > we built the early authentication system entirely around [Passkeys]. It was not a simple setup!

      it is though

      > Handling passkeys properly is surprisingly complicated on the backend,

      it's not though

      > but we got it done. Unfortunately, the user experience kinda sucked,

      true

      > so we ended up ripping it all out again.

      fair enough, but don't couch that in misdirection about the spec and work involved.

      • klingoff 10 months ago
        The relying party not being able to assume the user can take one secret with them is a feature that comes with a cost. The lack of a reference correct relying party library in each language is a reason that cost is too high.