Looks like a huge amount of security vendors are working to have a secure and open standard for passkey portability between platforms.

It is always good to see major collaboration in the security space like this considering the harsh opinions that users of some of these vendors have toward many of the others. I just wish apps and sites would stop making me login with username and password if passkeys are meant to replace that lol.

  • lud@lemm.ee
    link
    fedilink
    arrow-up
    0
    ·
    20 days ago

    I personally like it. Imo passkeys should optimally be device bound and the private keys should be stored in TPM or equivalent and be non-exportable.

    • Petter1@lemm.ee
      link
      fedilink
      arrow-up
      0
      ·
      20 days ago

      Well, nothing is stopping you to keep passkeys only in one place, why force others to do what you like? Now we have options and less friction to switch to a competitor. Which results in more competition and that results in better products. Well theoretically…

      • lud@lemm.ee
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        20 days ago

        I just don’t think synced passkeys should be the default for example iOS.

        What Microsoft is doing with device-bound passkeys using Windows Hello is imo great.

        • Petter1@lemm.ee
          link
          fedilink
          arrow-up
          0
          ·
          19 days ago

          So microsoft does not require that you backup your passkeys? I thought that was the norm in all OS 😅

          I think that passkeys are backed up in cloud by default isn’t that bad for the average person, since they are likely not understanding passkeys (at least right now) and don’t get that they loose access to accounts, if they disable oldscool Passwords only use one passkey on one device for that account.

          • lud@lemm.ee
            link
            fedilink
            arrow-up
            0
            ·
            19 days ago

            You usually don’t lose access though. Passkeys rarely replace passwords so you could still use your password or reset it if you don’t remember it.