coldpie 3 hours ago

> If you're finding workarounds to violate the security design, you're not gaining any advantage by using passkeys.

The trouble is, if websites are allowed/encouraged to ban clients, then the advantages you're talking about come with the downside of hard-tying yourself to one of 3 US-based Big Tech companies, because those will be the only ones who will ship clients declared "secure." That's not a trade-off I'm willing to make for something as critical as my service logins. You can already see this happening, almost every article talking about passkeys assumes you're logging in with an Apple, Google, or Microsoft device.

> Then you follow the procedure you would follow for when you'd forget your password. Probably a password reset through email, maybe calling customer support.

This is a downgrade from passwords (and exportable passkeys), where I can just restore it from a backup.

> Just use a password if you want to use a password.

Yeah, that's what I plan to keep doing, unfortunately. What I'm worried about is a password-less future where that's no longer an option and we all have to submit to using one of Android, iOS, or Windows to log in to everything because those are the only clients that can be trusted(TM) to handle the user's data as the big tech companies and governments desire it to be handled. This is a dark future.

Magnusmaster 2 hours ago

You already need to submit to iOS or stock Android for a myriad of banking or government apps that use remote attestation to verify that you are running "untampered" software. Remote attestation is evil.