How do people using #passkeys migrate from one vault to another?
=> More information about this toot | More toots from bouncing@twit.social
@bouncing it's not ready yet, but eventually software that manages passkeys and other credentials will implement the Credential Exchange Protocol: https://fidoalliance.org/specs/cx/cxp-v1.0-wd-20240522.html
=> More information about this toot | More toots from Cldfire@hachyderm.io
@Cldfire Apple is notably absent from the roster of contributors. Presumably they and Google will be the biggest vault providers. Have they committed at all to this? 😬
=> More information about this toot | More toots from bouncing@twit.social
@bouncing I'm not sure if they've committed or not, but I have no reason to believe that they wouldn't end up implementing it
=> More information about this toot | More toots from Cldfire@hachyderm.io
@bouncing The idea is that you don’t. You should register another passkey.
That approach, especially when using hardware keys, is pretty secure.
But…
They could have decided to distinguish between “secure hardware” and “easy software” but didn’t.
So there is ongoing work for export/interchange of passkeys - which, with some expertise in key management, is a horrible idea. But this is what the average user expects…
=> More information about this toot | More toots from lennybacon@infosec.exchange
@lennybacon Expectations on users have to be realistic. For example, if losing a hardware key locked you out of every site you sign into, no one would knowingly use such a key.
And the average person has what — 200 entries in a password manager? Registering passkeys twice every time you switch dongles or ecosystems won’t work.
=> More information about this toot | More toots from bouncing@twit.social