Content
@
0 reply
0 recast
0 reaction
Joaquim Verges
@joaquim
Don't let the hype fool you. Look underneath. https://x.com/joenrv/status/1857609397607813171?t=FBe4lJCIONXwB2vfNK00Iw&s=19
2 replies
2 recasts
5 reactions
Peter Ferguson
@peterferguson.eth
These are both only true of the current state of passkeys Secure Payment Confirmation is all about enabling cross-domain passkeys for payments and goes some of the way to solving the blind signing issue These have been known issues for years and have been under active development by user agent teams for just as long
1 reply
0 recast
0 reaction
eric.base.eth 🔵
@ericbrown.eth
I’ve done a lot of research on passkey security. A couple important notes: - users can use a non-native password manager (1Password) for devices with different operating systems - For iCloud, Apple has absolutely 0 ability to view or leak your private key. There is no single point of failure and almost every single aspect of Apple’s organization and infra could get hacked and your private key would still be safe. I saw some comparisons to OAuth in the X comments. These aren’t even remotely in the same ball park when it comes to security - iCloud Keychain is the world’s most secure, recoverable & robust private key manager in the world and nobody comes close. This is by far the best option for 95% of users There are still UX problems to improve, but it’s far and away the most secure and familiar option for people who are presently offchain. Here’s a helpful in-depth guide that directly references Apple’s documentation: https://evmbrahmin.com/blog/iCloud-keychain-passkeys-guide.html
0 reply
0 recast
4 reactions
