←back to thread

FIDO Alliance publishes new spec to let users move passkeys across providers

(fidoalliance.org)
225 points Terretta | 1 comments | 15 Oct 24 12:18 UTC | HN request time: 0s | source
Show context
karlkloss ◴[17 Oct 24 07:09 UTC] No.41867156[source]
If they can be moved, they can be stolen. This'll boost acceptance, but also open a can of worms.
replies(3): >>41867234 #>>41867321 #>>41871670 #
reshlo ◴[17 Oct 24 07:42 UTC] No.41867321[source]
Passkeys are terrifying, and I don’t understand why the companies pushing them are doing so. What are their motives? What do they gain from catastrophically increasing the risk that users completely lose access to our ability to conduct our lives?

If someone steals my phone today, I can still access most of my accounts, and can regain access quickly to the others.

Now let’s assume passkeys are ubiquitous and used to log in to every website.

If they can’t be exported, then your entire digital existence is at the mercy of whatever device or technology platform you use to store your passkeys. If you lose access to the platform, you also permanently lose access to every single account you’ve ever signed up for. For me, that would include losing access to my retirement savings, tax records, and the ability to communicate with many of my friends, to give a few examples.

My computer also doesn’t have Bluetooth, which means I can no longer log in to any websites on it even when I do have access to my passkeys.

replies(2): >>41867346 #>>41867814 #
Hypnosis6173 ◴[17 Oct 24 07:48 UTC] No.41867346[source]
I mean, isn't the idea from them that you have 2 or more of them?

Shure not everybody does that and some sites don't really support that but thinking about this concept of having "physical key s" to your data makes a lot of sense to me.

Don't know how this change will affect my trust in the concept

replies(4): >>41867365 #>>41867397 #>>41875149 #>>41879634 #
afiori ◴[17 Oct 24 07:59 UTC] No.41867397[source]
As any kind of key you need to be able to replace them after you lose them (think of a flood or a house fire) so either:

1. You accept a non-trivial risk to be locked out forever of what you used those keys for 2. You still have a password login to revoke/create keys 3. You invest in enough redundacy to never lose all of your keys

IMHO only 2. is viable and then keys are just a different implementation of a password manager.

replies(2): >>41867489 #>>41869193 #
lxgr ◴[17 Oct 24 08:17 UTC] No.41867489[source]
My keychain has two physical keys, and these change only every time I move.

Of passkeys, I have quite a bit more, with new ones added at least every few weeks. That makes them much harder to physically or even logically replicate one by one.

replies(1): >>41868427 #
afiori ◴[17 Oct 24 11:09 UTC] No.41868427[source]
> My keychain has two physical keys, and these change only every time I move.

How often they change is irrelevant, the point is how you would recover them.

> Of passkeys, I have quite a bit more, with new ones added at least every few weeks. That makes them much harder to physically or even logically replicate one by one.

But what is your plan if you lose them? either you plan to never lose them (3.), you have a way to replace them (2.) or you accept the risk to get locked out (1.)

replies(2): >>41869148 #>>41871179 #
jesseendahl ◴[17 Oct 24 12:45 UTC] No.41869148[source]
Account recovery flows are generally entirely unaffected by the move from password to passkey.

It’s just your login credential.

If you lose either a password or a passkey, you do the same thing: reset and set a new one via email recovery.

replies(1): >>41871164 #
1. lxgr ◴[17 Oct 24 16:31 UTC] No.41871164{3}[source]
> If you lose either a password or a passkey, you do the same thing: reset and set a new one via email recovery.

If that’s an option (and it often really is!), why go through all the trouble of implementing passkeys and not just implement “login via email”?

For some services, that’s not secure enough though.