zack
@labadie.eth
Passkeys enable super fast, easy wallet creation but is that really the holy grail? A wallet should serve as a secure, reliable, and accessible identity. It's led me to think more about something I'm calling "account durability"
3 replies
0 recast
12 reactions
abram
@abram
I like this framing, though it feels like "user owned" is an important and omitted aspect. Can an account be durable if its password is controlled by a third party? Feels like it fails the "reliable access" test since it can be yoinked by {third party} at any time.
1 reply
0 recast
1 reaction
abram
@abram
I actually would go as far as to say that if a data breach *can* happen, it's fundamentally not durable. Thoughts?
1 reply
0 recast
1 reaction
zack
@labadie.eth
My definition of durability is a bit overloaded because there's a catch-22: Exposure to data breaches or 3rd-party censorship decreases durability. At the same time, users are fallible and a 100% self-custodied account is not durable at scale. Realistically, there needs to be a safety net of some kind.
1 reply
0 recast
0 reaction
zack
@labadie.eth
Since there's no silver bullet, I believe optionality + flexibility are key. My mental model for an ideal account model involves an "auth stack" where users can progressively add auth methods over time. If true: What's the best foundation for this stack? How + when to add to it and which methods should be supported?
1 reply
0 recast
0 reaction
abram
@abram
100% I like the term "auth stack" (for the right audience, hah) and the idea of progressively adding to it over time (as impact grows) is how we're thinking about this, both in terms of product and internal ops.
0 reply
0 recast
1 reaction