estimator7292 5 days ago

This is not a feature of passkeys, this is a feature of each and every individual provider building their own unique reset flow.

Not every provider does this correctly. Just yesterday I saw someone complaining on mastodon about their passkeys being locked and requiring a phone call to get reset.

Passkeys are exactly as resettable as passwords, which depends on your provider actually implementing things correctly.

Groxx 5 days ago | parent [-]

tbh I think it's safe to claim they're strictly inferior to passwords, though in almost all cases they're literally identical (as you point out).

e.g. that phone call case: some places will tell you a temporary password (over the phone) to enter next time, and then you come up with a new one when you log in. there is no equivalent flow for passkeys, because you can't enter them by hand. a site could of course build that for passkeys (like a temporary password with special UI for entering it), but literally every site with passwords can do that by default, it just needs a general admin UI which almost always exists.

(most I've encountered will email you a temp password, and in principle you could email a temp passkey too... but that doesn't work by phone / for manual entry, and is there a spec on that file format? I don't think so? in your password manager right now: is there a place to manually import a passkey for a website? half of mine don't have one for passkeys, but every single one I've ever seen has a way to manually enter a password)

Marsymars 5 days ago | parent [-]

> but literally every site with passwords can do that by default, it just needs a general admin UI which almost always exists.

Most sites/systems that are designed for security won't have such an admin UI - passwords should generally not be handled in a way where anybody other than the user is ever able to know what they are.

Groxx 5 days ago | parent [-]

"I can erase a securely hashed password and set a new one" is very common and generally seen as safe, and does not at all require being able to "know what [the current password is]".

Most can do this. As a concrete example, phpMyAdmin has UI specifically for editing password fields: https://www.wpbeginner.com/beginners-guide/how-to-reset-a-wo...
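The two mechanisms this sub-thread turns on, an admin resetting an account by overwriting the stored hash without ever learning the current password, and the temporary password that is relayed out of band (by phone or e-mail) and must be replaced on first login, are small enough to show end to end. The following is an added illustration, not code from any commenter, from phpMyAdmin or from WordPress; the in-memory `User` store, the PBKDF2 parameters and the `admin_reset`/`login` helpers are all assumptions made for the example. The phpMyAdmin route in the linked guide is the same operation done by hand: an `UPDATE` on the hash column, with no need to read the old value.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Optional


# Hypothetical in-memory user record, constructed for this example.
@dataclass
class User:
    name: str
    salt: bytes
    pw_hash: bytes
    must_change: bool = False  # set by an admin reset, cleared on first login


ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; an assumption for the example


def hash_password(password: str, salt: bytes) -> bytes:
    # One-way: the stored value cannot be turned back into the password,
    # which is exactly why an admin can replace it without knowing it.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def create_user(name: str, password: str) -> User:
    salt = os.urandom(16)
    return User(name, salt, hash_password(password, salt))


def verify(user: User, password: str) -> bool:
    candidate = hash_password(password, user.salt)
    return hmac.compare_digest(candidate, user.pw_hash)


def admin_reset(user: User) -> str:
    """Admin-side reset: erase the current hash and store one for a fresh
    temporary password. Never reads or needs the old password. Returns the
    temporary password once so the operator can relay it (e.g. by phone);
    only its hash is persisted."""
    temp = secrets.token_urlsafe(12)
    user.salt = os.urandom(16)
    user.pw_hash = hash_password(temp, user.salt)
    user.must_change = True
    return temp


def login(user: User, password: str, new_password: Optional[str] = None) -> bool:
    """Normal login, except that after an admin reset the temporary password
    is only accepted together with a replacement chosen by the user."""
    if not verify(user, password):
        return False
    if user.must_change:
        if new_password is None or new_password == password:
            return False  # temp password is single-use; a new one is required
        user.salt = os.urandom(16)
        user.pw_hash = hash_password(new_password, user.salt)
        user.must_change = False
    return True


def demo() -> dict:
    # Walk through the whole flow on a constructed account and report each step.
    alice = create_user("alice", "hunter2!original")
    temp = admin_reset(alice)
    return {
        "old_password_rejected": not verify(alice, "hunter2!original"),
        "temp_password_verifies": verify(alice, temp),
        "temp_login_without_replacement_rejected": not login(alice, temp),
        "temp_login_with_replacement_ok": login(alice, temp, "a-long-new-passphrase"),
        "temp_password_now_dead": not verify(alice, temp),
        "new_password_logs_in": login(alice, "a-long-new-passphrase"),
    }


if __name__ == "__main__":
    for step, ok in demo().items():
        print(f"{step}: {ok}")
```

The salt is regenerated on every reset and on the forced change so the new hash shares nothing with the old one, and the temporary password never exists anywhere except the return value the operator reads out; the hash column is the only thing stored. That is the property Marsymars asks for, and it holds with or without an admin UI on top.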