←back to thread

Passkeys and Modern Authentication

(lucumr.pocoo.org)
184 points Bogdanp | 1 comments | 02 Sep 25 13:47 UTC | HN request time: 0s | source
Show context
juancn ◴[02 Sep 25 17:27 UTC] No.45106230[source]

    Signing into my accounts on my children’s devices has turned from a straightforward process to an incredibly frustrating experience. I find myself juggling all kinds of different apps and flows.
This strikes home for me, I'm the main gatekeeper of passwords and service accounts in my home. 2FA and passkeys are so annoying to juggle.

My kids use prepaid numbers, once I changed one and forgot to tell Apple, when I realized that I needed the old number later, it took me a month at least to get it back.

I really like passwords, the security risks are well known and really easy to handle compared to 2FA and all that crap, specially when 99% of your accounts are not sensitive enough to merit anything fancy.

replies(5): >>45106514 #>>45106530 #>>45107602 #>>45108644 #>>45112401 #
teekert ◴[02 Sep 25 20:33 UTC] No.45108644[source]
I’m on proton (family) and put pass on all devices (inc the kids’) so I can quickly share credentials. But still, I agree that some kind of export of private keys is sorely needed.
replies(1): >>45111869 #
basch ◴[03 Sep 25 03:05 UTC] No.45111869[source]
Ill maintain that family management of access control is one of the most broken things on the internet. Not only does 2fa make granting access on other devices a nightmare, but then each developer has its own version of parental controls.

ALL of account permissions, relations to other accounts, and authentication should be an exposed api that rolls up into a single dashboard. I should be able to go into one single control panel to control exactly what accounts are allowed to do what on what devices for all services for all family members. That includes lockouts, auth resets, push of auth to a device I dont have physical access to (kid is on a trip, I need to sign him into something).

I could go on and on and on about all the different ways this paradigm is so broken, it actually breaks our imagination of what it should look like in a functioning world. We are so used to doing it completely wrong, its hard to see right.

replies(1): >>45112967 #
anon7000 ◴[03 Sep 25 06:54 UTC] No.45112967[source]
That basically does exist, and it’s called SSO. SSO providers (eg Okta) have a unified dashboard where you can control who can access what, and at what level, and can revoke access any time. It’d be nice if there was a version of that for families that wasn’t insanely expensive.

Anyways, 1Password completely solves this problem for me with me & my wife.

replies(1): >>45114976 #
1. basch ◴[03 Sep 25 12:36 UTC] No.45114976[source]
It doesn’t do anything for pushing authentication remotely or controlling access within apps, such as voice chat in Roblox. Each app has proprietary controls.

It also doesn’t begin to cover notifications. For some reason most services seem to think only one parent is in charge and both don’t need equal access and equal notice.