It's hard for more people to verify whether this is actually independent from big tech. With a password, you can write it on a piece of paper. You can then type it back in. If any character doesn't match, it doesn't work. This seems like a trustworthy demonstration that it is actually independent. Passkeys have too much magic to understand in this way.
But passwords are hell for most people: they never remember them, for some reason (I don't understand it either) they really don't want to use a password manager, and they get phished.
Passkeys mean that most people can just FaceID or their fingerprint everywhere and they are happy. They are happy to be locked in if it just works.
For those of us who don't want to be locked in, we still have the possibility to not be locked in because we understand how it works.
I don't think we can do better: try to explain to normies how they should enjoy using a CLI and see how they react.
> Passkeys mean that most people can just FaceID or their fingerprint everywhere and they are happy. They are happy to be locked in if it just works.
Yeah, because people are stupid.
Heading towards a future where you need to use government-approved devices which are tied to your real identity to access the internet is a recipe for disaster.
> Heading towards a future where you need to use government-approved devices which are tied to your real identity to access the internet is a recipe for disaster.
That's unrelated to passkeys. When you use your credit card to pay online, it's tied to your real identity. Many countries offered to do a lot of official stuff online (like taxes) long before passkeys.
No, it's very much related, although not guaranteed.
The reality is that many passkey implementations right now come with attestation and are closed off. That's simply not possible with passwords.
Passwords, as a concept, just can't be abused in that way. Because they're just strings of text. Passkeys, however, CAN be - and we're already seeing that happen.
It could reverse course, but then it would need to reverse course and stay reversed. Forever. Even though there's lots of money and control being left on the table.
That's a big problem.
> That's simply not possible with passwords. Passwords, as a concept, just can't be abused in that way.
Well, not with only the password, but with the mandatory 2FA app that comes with it, it's definitely possible. Source: my company does that.
And you can most definitely request the real ID before you let someone create an account, password or passkey.
I don't see a difference.
I'm stupid. I don't think passkeys actually just work. What if I get a new phone? I don't know the answer to that. I do know how to install my password manager on a new phone. Last time I got a new phone, all my 2FA authenticator codes stopped working. I switched them all to SMS.