←back to thread

FIDO Alliance publishes new spec to let users move passkeys across providers

(fidoalliance.org)
225 points Terretta | 1 comments | 15 Oct 24 12:18 UTC | HN request time: 0s | source
Show context
karlkloss ◴[17 Oct 24 07:09 UTC] No.41867156[source]
If they can be moved, they can be stolen. This'll boost acceptance, but also open a can of worms.
replies(3): >>41867234 #>>41867321 #>>41871670 #
reshlo ◴[17 Oct 24 07:42 UTC] No.41867321[source]
Passkeys are terrifying, and I don’t understand why the companies pushing them are doing so. What are their motives? What do they gain from catastrophically increasing the risk that users completely lose access to our ability to conduct our lives?

If someone steals my phone today, I can still access most of my accounts, and can regain access quickly to the others.

Now let’s assume passkeys are ubiquitous and used to log in to every website.

If they can’t be exported, then your entire digital existence is at the mercy of whatever device or technology platform you use to store your passkeys. If you lose access to the platform, you also permanently lose access to every single account you’ve ever signed up for. For me, that would include losing access to my retirement savings, tax records, and the ability to communicate with many of my friends, to give a few examples.

My computer also doesn’t have Bluetooth, which means I can no longer log in to any websites on it even when I do have access to my passkeys.

replies(2): >>41867346 #>>41867814 #
1. ForHackernews ◴[17 Oct 24 09:21 UTC] No.41867814[source]
> I don’t understand why the companies pushing them are doing so

> your entire digital existence is at the mercy of whatever device or technology platform you use to store your passkeys.