cortesoft 4 hours ago

> And the safest way to do identity is to have it be destructible and remakable on the fly.

It might be the safest, but it defeats a lot of the purpose of identity. There is a reason it is a hassle to change your email address... so many services are tied to that identity. You can change it, but you have to change every service that is relying on it as your identity, and you still have to own your old email so you can prove to the service that you are the same person.

I am not sure how you could ever avoid this problem? The purpose of an identity is to be able to tell that one request is made by the same person who made a previous request... persistence is a requirement.

jrm4 2 hours ago | parent [-]

Yes. And as much as I hate "well, users should just be smarter and deal with inconvenience," I think it may fit here.

Identity is always hard, and I strongly doubt there is any great way that makes it "easier" and still safe.

Aka, yes please kill passkeys, or at least be super upfront and informative.

"When you use passkeys, you are giving your keys to Apple or Google, and they cannot guarantee safety."

iamnothere 35 minutes ago | parent [-]

It may be that different types of identity are preferable for different use cases, rather than converging on a single system.

> "When you use passkeys, you are giving your keys to Apple or Google, and they cannot guarantee safety."

Not true with hardware passkeys, which also add a true second factor. Central passkeys are a problem, though.