Skip to main content

Search

Items tagged with: passkeys

While I was hopeful for #passkeys for a while, the reality at this point in time is not looking so great. What I see is fragmentation and confusion mostly caused by the big tech players.

Two examples:

  1. #amazon allows to create passkeys but for unknown reasons block #Firefox from passkey creation. Can anybody explain why would they do that in may 2024?
  2. #Apple situation for #AppleID as per https://passkeys.directory/details/apple/: "You are not yet able to save passkeys for Apple ID accounts in third-party credential managers and can only be stored in iCloud Passwords at this time."
    which means I can't create a passkey in #KeePassXC which is the password manager I love and use.

Having a hard time finding good reasons for such a fragmented and poor user experience. Since the way #Google implemented passkeys allows for flawless creation and usage of passkeys in Firefox and KeePassXC there really can't be any good reasons for amazon and Apple to behave so poorly. So what's the explanation? Intentional #LockIn and malicious intent?

Please enlighten me 💡

#Google #firefox #apple #amazon #keepassxc #passkeys #lockin #AppleID

I find this argument a bit problematic. Just because software like @Team KeePassXC gives users control and choice over their passkeys, which Apple / Google / ... currently don't, doesn't mean they are irresponsible. From what I can tell KeePassXC devs were not involved in the discussions around transfer of passkeys.

Big tech wanted to get passkeys into user hands, which is a great thing, as are passkeys in general. But the statement that it is somewhat of a lock-in situation currently is not false.

And finger-pointing at software that does give users the option to transfer passkeys at their desire is not helping I think. Especially when that aspect has not yet been standardized.

If transfer can happen in encrypted form, that is clearly preferable. You filed https://github.com/keepassxreboot/keepassxc/issues/10407 which is a good thing. The discussion shows however, that the way the debate was going on so far was not ideal.

#passkeys #security #passwordless


[Passkeys] should never be exported in clear text · Issue #10407 · keepassxreboot/keepassxc

Overview Passkeys should never be allowed to be exported in clear text. There is significant work going on across the industry on a secure migration protocol for credentials like passkeys. Please c...
GitHub
#security #passkeys #passwordless @Team KeePassXC

#Apple and #Google have hijacked passkeys to keep users locked into their walled gardens.

Here's how we can make #passkeys work for everyone: https://proton.me/blog/big-tech-passkey

Big Tech passkey implementations are a trap

Big Tech companies want to chain your passkey to their products. Enter Proton Pass, which allows you to manage and use passkeys across all devices seamlessly.
Son Nguyen (Proton)
#Google #apple #passkeys

⇧