LINKDING

 Shared bookmarks

Passkeys: A Shattered Dream

https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/ Internet Archive
Tags
#article #security #web #lang:en
Date added
April 26, 2024, 5:33 p.m.
Description
At around 11pm last night my partner went to change our lounge room lights with our home light control system. When she tried to login, her account couldn't be accessed. Her Apple Keychain had deleted the Passkey she was using on that site.This is just the icing on a long trail of enshittification that has undermined Webauthn. I'm over it at this point, and I think it's time to pour one out for Passkeys. The irony is not lost on me that I'm about to release a new major version of webauthn-rs today as I write this.
Notes

So do yourself a favour. Get something like bitwarden or if you like self hosting get vaultwarden. Let it generate your passwords and manage them. If you really want passkeys, put them in a password manager you control. But don't use a platform controlled passkey store, and be very careful with security keys.

And if you do want to use a security key, just use it to unlock your password manager and your email.