Dan Romero
@dwr.eth
Why Passkeys aren’t a panacea

1. Passkeys are password-less credentials built on WebAuthn. The OS companies — Apple, Google and Microsoft — are responsible for their implementation.
2. For most users, Passkeys are usually stored in the OS vendor's secure cloud, e.g. iCloud, to sync across devices.
3. This means that you need to have devices from the same ecosystem — a Mac and an iPhone — for sync to work.
4. Naturally, there are plenty of people with a different mobile device vs. computer.
5. Further, OS vendors have been inconsistent with the various features of Passkeys they implement, e.g. Apple did largeBlob and Google did PRF.
6. Would expect this to take a few more years at a minimum before all the consumer UX kinks are rolled out.
11 replies
5 recasts
67 reactions

Dan Romero
@dwr.eth
cc @cassie who went quite deep here a few times
0 reply
1 recast
15 reactions

shazow
@shazow.eth
Isn't that missing the existence of password managers? 1Password, Bitwarden, etc. all support passkeys and are platform neutral.

Also passkeys can be very powerful if we treat them as per-device signers (no sync necessary). We can use our world computer with programmable security to globally manage device signers for us. (Keystore rollup is another approach, and can even do interesting offchain versions, currently reviewing a design where it's a state channel of CRDT updates that get flattened onchain on demand.)

Overall I think passkeys may end up being more useful for crypto than they are for Google/Apple.
6 replies
1 recast
4 reactions

vanishingideal
@vanishingideal
Sceptical of a future where cross platform passkey sync and recovery is a thing. Especially where Apple is concerned.
1 reply
0 recast
1 reaction

Cassie Heart
@cassie
some addendums

7. As others mentioned, external password managers exist with varying degrees of integration with the OS. Most of them do not support specialized extensions – in fact many of the OS-level SDKs do not properly _expose_ those extensions to the password managers, leading to extremely broken experiences.
8. There is work in progress between major WebAuthn providers to support portability between ecosystems, but not all providers are game for it (Yubico), and as we've seen already, they tend to have conflicting support for different features outside of the basic WebAuthn NIST keys.
1 reply
0 recast
7 reactions
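
Points 5 and 7 above concern the `prf` and `largeBlob` WebAuthn extensions being available on some platforms and password managers but not others. The following is an added example, not code from anyone in this thread: it shows how a relying party can request both extensions at registration and read the client extension results to see what it actually got. The function names, the strategy labels and the sample results are hypothetical and constructed for illustration; the extension field names are those of the WebAuthn specification.

```javascript
// Added example. Function names, strategy labels and SAMPLES are constructed.

// Extensions to pass in publicKey.extensions for navigator.credentials.create().
function registrationExtensions() {
  return {
    prf: {},                             // ask whether the credential supports PRF
    largeBlob: { support: "preferred" }, // ask for largeBlob without requiring it
  };
}

// Interpret credential.getClientExtensionResults() after registration.
// A missing key means the browser, authenticator or password manager
// ignored the extension, so absence is treated the same as "unsupported".
function classifyCapabilities(results) {
  const r = results || {};
  const prf = Boolean(r.prf && r.prf.enabled === true);
  const largeBlob = Boolean(r.largeBlob && r.largeBlob.supported === true);
  // Assumption: this application prefers PRF, then largeBlob, and otherwise
  // uses the passkey for sign-in only and keeps key material elsewhere.
  let strategy = "authentication-only";
  if (prf) strategy = "derive-key-with-prf";
  else if (largeBlob) strategy = "store-wrapped-key-in-largeBlob";
  return { prf, largeBlob, strategy };
}

// Constructed extension results, one per situation described in the thread.
const SAMPLES = {
  prfOnly: { prf: { enabled: true } },
  largeBlobOnly: { largeBlob: { supported: true } },
  bothDeclined: { prf: { enabled: false }, largeBlob: { supported: false } },
  extensionsNotExposed: {}, // e.g. a provider that never sees the extensions
};

// Map each sample to the strategy the relying party would fall back to.
function report() {
  const out = {};
  for (const [name, results] of Object.entries(SAMPLES)) {
    out[name] = classifyCapabilities(results).strategy;
  }
  return out;
}

console.log(report());
```

Deciding the strategy from the returned results, rather than from the user agent string, is what keeps the flow working when a third-party password manager answers instead of the OS provider.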

christopher
@christopher
You mentioned before that Apple supports PRF now in iOS 18. Uno can generate backup Ed25519 keys on device in case the server keys are lost. Also useful for frames v1 interactions without proxy to server.
0 reply
0 recast
2 reactions

nomygod
@nomygod.eth
just sharing. i use sign in with apple passkey from my iphone on my windows pc via bluetooth
1 reply
0 recast
1 reaction

jd 🌺
@jdl
thanks for writing out all the subconscious reasons why we’ve said no passkeys thus far
0 reply
0 recast
2 reactions

Omar
@dromar.eth
What about Ledger Security key? Most of the new ledger devices can be used as a passkey. Was thinking of switching to that for all my passkeys as it avoids most of the pitfalls mentioned.
0 reply
0 recast
0 reaction

Kieran Daniels 🎩
@kdaniels.eth
i guess we just need to scan our eyeballs and call it a day 🤷‍♀️
0 reply
0 recast
0 reaction

kompreni 🚂
@kompreni
Who's saying that in the first place?
0 reply
0 recast
0 reaction

Haole
@haole
that's one reason not using smart wallet for warpcast?
0 reply
0 recast
0 reaction