> Passkeys mean that most people can just FaceID or their fingerprint everywhere and they are happy. They are happy to be locked in if it just works.
Yeah, because people are stupid.
Heading towards a future where you need to use government-approved devices which are tied to your real identity to access the internet is a recipe for disaster.
> Heading towards a future where you need to use government-approved devices which are tied to your real identity to access the internet is a recipe for disaster.
That's unrelated to passkeys. When you use your credit card to pay online, it's tied to your real identity. Many countries offered to do a lot of official stuff online (like taxes) long before passkeys.
No, it's very much related, although not guaranteed.
The reality is that many passkey implementations right now come with attestation and are closed off. That's simply not possible with passwords.
Passwords, as a concept, just can't be abused in that way. Because they're just strings of text. Passkeys, however, CAN be - and we're already seeing that happen.
It could reverse course, but then it would need to reverse course and stay reversed. Forever. Even though there's lots of money and control being left on the table.
That's a big problem.
> That's simply not possible with passwords. Passwords, as a concept, just can't be abused in that way.
Well, not with only the password, but with the mandatory 2FA app that comes with it, it's definitely possible. Source: my company does that.
And you can most definitely request the real ID before you let someone create an account, password or passkey.
I don't see a difference.
I'm stupid. I don't think passkeys actually just work. What if I get a new phone? I don't know the answer to that. I do know how to install my password manager on a new phone. Last time I got a new phone, all my 2FA authenticator codes stopped working. I switched them all to SMS.