| ▲ | eddyg 5 days ago |
| Passkeys are fantastic for the vast majority of the population. They solve oodles of problems. No more teaching ${FAMILY_MEMBER} about good passwords, password re-use, trying to explain how to use a password manager, etc. Instead: create passkey, done. Then it's seamless login whether they're on their computer, phone or tablet. As a tech-savvy user fully aware of the underlying machinations involved with passkeys, I greatly prefer their simple, fast login experience over: username submit password submit TOTP submit, and especially over the much-worse "we've emailed you a code" login slog. |
|
| ▲ | 201984 5 days ago |
| It's great until they break their phone, or spill coffee on it, or just lose it, and now they are locked out of EVERYTHING with no good way to get back in. Passwords on a piece of paper for better or worse do not have that problem. |
| |
| ▲ | eddyg 5 days ago |
| Only if they're not backing up their phone, which seems insane in this day and age. And even if they're not, if they have a computer or tablet, the passkey will still be available there assuming they share an account. You can also recover your iCloud Keychain via a designated/trusted Recovery Contact (e.g. spouse, who presumably hasn't destroyed their phone at the exact same time), or via iCloud Keychain escrow. https://support.apple.com/guide/iphone/passwords-devices-iph... |
|
| ▲ | jesseendahl 4 days ago |
| Both of the major smartphone companies (Google and Apple) have pretty robust account recovery processes. Are you familiar with all the options they have? Your comment gives me the impression that you are making assumptions about what would happen, instead of doing research on how it actually works. I experienced Google's recently and it was very robust. Even before passkeys, the average user would have major problems if Apple and Google didn't have good account recovery processes. |
|
| ▲ | Barrin92 5 days ago |
| > with no good way to get back in.
| which is why at the very least your email provider gives you a recovery kit to print out (the equivalent of the notebook) and if you can get back into that account you'll likely be able to get into whatever else you signed up for. There's no difference here between passkeys and any other central storage be it a password manager or a physical notebook. If you lose that access, well you're screwed. But it always beats having hotdog123 as your password for 70 different sites. |
|
| ▲ | 201984 5 days ago |
| Password managers can be backed up onto USB drives pretty easily, and copies can be made of paper. It's much more difficult to make comparable backups of passkeys due to all the "anti phishing" / vendor lock-in rules most platforms have. |
| |
| ▲ | eli 5 days ago |
| Android syncs them to your Google account and iPhone to your iCloud account by default. Which isn't a perfect solution but, again, is pretty good for most people. |
|
| ▲ | 201984 5 days ago |
| And I just found out recently that you can't log into Google on a desktop without responding to a prompt on your Android phone. Which, if you broke said phone, you can't do. This is without 2FA enabled on my Google account. |
|
| ▲ | Groxx 5 days ago |
| There are a few alternate options like email or SMS (I've used them several times, you have no option if you erase your only actively-used phone occasionally), but yeah. Google effectively forces 2FA whether you like it or not. |
|
| ▲ | eli 5 days ago |
| I don't think this is correct. |
| |
| ▲ | ubertaco 5 days ago |
| And that's great, as long as you're totally cool with access to _any_ of your accounts _anywhere_ being completely controlled by either Apple or Google. |
|
| ▲ | eli 5 days ago |
| I was just correcting the parent post that implied the passkeys were only stored on the device. Personally I do not use that feature. I'm also pretty sure I don't have any accounts that can ONLY be accessed via passkey. |
| |
| ▲ | hshdhdhj4444 5 days ago |
| Have you ever been locked out of your Apple account? Maybe because your kid was playing with your phone and kept entering the wrong passcode and now you’re locked out for several hours? Or because Apple detests anyone else touching your phone and you’re traveling internationally and your screen cracked and you took it to a local repair shop which in the process of replacing the screen triggered something Apple didn’t like and you’re locked out for a decade. |
| |
|
|
| ▲ | eli 5 days ago |
| You omitted my favorite feature: virtually immune to phishing. You can't accidentally submit a passkey to a lookalike domain. For phishing protection, passkey as a single factor is better than memorized password + TOTP/SMS two factor. |
|
| ▲ | noAnswer 5 days ago |
| How does the secret jump from the PC to their phone? How do they know each other? ...does the answer involve going all-in on Apple forever? |
| |
| ▲ | timmyc123 5 days ago |
| Your credential manager provides this sync and backup capability. There are dozens of credential managers available that work on all platforms. You don't have to use the default one on any given platform. Bitwarden is my personal choice. |
|
| ▲ | spencerflem 4 days ago |
| I still don’t like that I can’t use them on a computer that I can’t download Bitwarden on. Library computer, etc. Passwords I can see myself and make the informed decision to use temporarily somewhere else. |
|
| ▲ | Too a day ago |
| When was the last time you used a library computer, let alone logged onto a private service with it? This was a bad idea even 20 years ago. In today’s security climate, aw hell no. |
|
| ▲ | spencerflem a day ago |
| Or my sister's laptop. & Fairly recently actually, to print something. Most accounts I don’t care that much about & two factor should be enough to save me I hope. |
|
|
| |
| ▲ | eddyg 5 days ago |
| iCloud Keychain (or whatever the Google equivalent is). And as I said, it's a fantastic solution for the vast majority of the population (which, coincidentally, are also not Hacker News readers). |
|
|
| ▲ | lazide 5 days ago |
| Huh? I’ve seen zero implementations that work seamlessly across computer, phone, tablet - unless they are all single platform, which I have yet to see anyone actually pull off. |
| |
| ▲ | eddyg 5 days ago |
| It's a beautifully simple experience for Apple users across all their devices. I can't speak for other platforms; I stopped helping ${EXTENDED_FAMILY} with non-Apple questions because the crap I had to diagnose, debug and deal with for Windows and Android was worse than ${DAY_JOB}. |
|
| ▲ | happyopossum 5 days ago |
| There are nearly countless ones - 1Password for example works everywhere, as does RoboForm, Bitwarden, KeePass, LastPass, NordPass, and many others. All sync seamlessly and support the major (and often minor) browsers. |
|
| ▲ | timmyc123 5 days ago |
| Google Password Manager, Bitwarden, 1Password among many others. |
|