Toot
Written by gigantos on 2024-10-24 at 05:34
@nsa I just wish they fixed the usability flaws in the spec.
For example:
- there is no way to check if a user has a passkey and let the user log in with it seamlessly. To check, the user will get a popup and be asked for verification, and then shown an empty list if none is available.
- there is no standard way to annotate the passkeys in a good way, so when you open the security settings on the server, you just get a list of passkeys with very little information per entry.
- passkeys never expire, so if you get the opportunity to add one to some user's account, they are backdoored "forever"
- if a website loses your passkey, a new one can't be created until you also delete the existing one on the client
- there is no way to sync across ecosystems; passkeys are the perfect vendor lock-in scheme, and will benefit Google and Apple for decades to come
With that said, passkeys beat passwords every time, and I still want them to win.