• Big Tech has implemented passkeys in a way that locks users into their platforms rather than providing universal security
  • Passkeys were developed to replace passwords for better account security, but their rollout by Apple and Google has limited their potential
  • Proton Pass offers passkeys that are universal, easy to use, and available to everyone for improved online security and privacy.
    • Dark Arc@social.packetloss.gg
      link
      fedilink
      English
      arrow-up
      0
      ·
      7 months ago

      That is not the takeaway here.

      The takeaway is Passkeys are great technology but as implemented by Google, Microsoft, and Apple fall short of what they could be.

      • isles@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        7 months ago

        Are we talking in circles here? “I avoid passkeys because of Google” “Passkeys implemented by Google have problems”

        • Encrypt-Keeper@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          7 months ago

          The way out of the circle that you’ve put yourself in is realizing Google isn’t the only company implementing passkeys.

          • johannesvanderwhales@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            edit-2
            7 months ago

            And that most people are in multiple ecosystems…e.g. Android/iOS + Windows. So they can’t use a solution that’s not interoperable.

        • ItsMeSpez@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          7 months ago

          Are we talking in circles here?

          No. “I avoid passkeys because of Google” is avoiding an entire technology because of a bad implementation. “Passkeys implemented by Google have problems” is only avoiding passkeys implemented by Google, leaving using passkeys still on the table.

      • ditty@lemm.ee
        link
        fedilink
        English
        arrow-up
        0
        ·
        7 months ago

        Email was already ubiquitous and generally standardized by the time Gmail released in 2004.

        • Encrypt-Keeper@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          7 months ago

          Asymmetric cryptography has been ubiquitous and generally standardized by the time Google began letting you store Passkeys, so what’s your point?

          Is Google supporting a particular service or system a dealbreaker for you or not? Because Google has far more fingers in the public operation of email than it does passkeys. So if you’re still ok with having an email account, then you should be just as ok with using passkeys.

      • AA5B@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        7 months ago

        I’m not locked into Gmail: I know it implements standards and I choose it as long as it is most convenient.

        A lot of what comes into my gmail account is actually addressed to various aliases from various providers, and I can point those aliases anywhere

        In particular, all my recent online accounts use unique generated email addresses that I can disable at will, and that forward to my actual email

        • Encrypt-Keeper@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          7 months ago

          Well that’s great news, then you’ll like passkeys because you can use them without being locked into anything.

    • AA5B@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      7 months ago

      A lot of my hesitation is that not only are passkeys being pushed by the big vendors AND they seem to have a less than portable implementation BUT ALSO they don’t seem to give enough details. Everything is dumbed down for the less technical until it means nothing

      I like that this thread already has more actual information than all the outreach of the big vendors over months

      • Natanael@slrpnk.net
        link
        fedilink
        English
        arrow-up
        0
        ·
        7 months ago

        The spec behind it is solid, it creates per-domain cryptographic keyspairs which allows your device to prove you’re you in a standardized and secure way while avoiding adding a new way to track you across sites, and by using the device’s TPM chip to hold the key it’s also resistant to most types of manipulation.

      • Spotlight7573@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        7 months ago

        People getting their accounts compromised leads to spam email, spam comments, fake crypto livestreams, etc that impact others. Google definitely has an interest in preventing people from getting their accounts compromised and not just for the benefit of the individuals with the accounts but their platforms as a whole.