You're viewing a single thread.
Passkeys are a great idea, but everyone involved seems like they want the process to be as much of a pain in the dick as possible. So until the industry pulls it's collective head out of its collective ass (not going to hold my breath on that one), it'll be passwords+2FA for me.
It feels like everyone is trying to tie people to their platform. Oh, and also use the opportunity to force shit like "no custom ROMs or bootloader unlocking" on Android at the same time.
Are custom ROMs or bootloader unlocking an issue for the passkey ecosystem? Not something I'd seen commented on yet.
Jesus Christ, dude, that is exactly it.
We're trying to implement passkeys at work and the testing has been an absolute nightmare. Literally have no control over the onboarding experience because each tech giant is clamoring over each other, interjecting into the process to be the "home" for your passkeys. It's bananas.
When it's all set up, it's kinda great! But getting set up in the first place is an exercise in frustration.
It's a chance for them to lock you (normies) into their platform forever. They're not going to give that up.
Silly.
Edit: my bet is the experience was so ridiculously frustrating, Chrome/Google actually saw some attrition - maybe enough people made Yahoo! Mail accounts that Google noticed
I hate 2fa so much, I never thought they would come up with anything more irritating. Little did I know.
I really like 2FA as long as it's TOTP and I can use an offline app or program for it. It just works and is very easy and secure.
Yeah it should be "Password+TOTP"
Until you lose the device with the 2fa app and can't ever get into those accounts again. I've heard that horror story before and I avoid those apps because of it.
Write down your set up codes on a piece of paper (or, just the important ones to get access to your digital backups) the others can live within your app of choice.
(Keepass2Android is a great, free app. Just toss a couple of coins to your dev if you're feeling generous)
Lots of these apps let you export the entire vault as a file. I use this to import it on other devices. I currently have it on my phone (Aegis) and my pc (OTPClient) and is very satisfied with the experience.
I also have encrypted backups on a USB flash drive, an external HDD and five separate cloud services. I trust this solution.
I'm glad they have options, but if you don't know you're supposed to do that then it doesn't help you after something goes wrong. Most people don't know to prep for that.