Dan Romero
@dwr.eth
Why Passkeys aren’t a panacea

1. Passkeys are password-less credentials built on WebAuthn. The OS companies — Apple, Google and Microsoft — are responsible for their implementation.
2. For most users, Passkeys are usually stored in the OS vendor's secure cloud, e.g. iCloud, to sync across devices.
3. This means that you need to have devices from the same ecosystem — a Mac and an iPhone — for sync to work.
4. Naturally, there are plenty of people with a different mobile device vs. computer.
5. Further, OS vendors have been inconsistent with the various features of Passkeys they implement, e.g. Apple did largeBlob and Google did PRF.
6. Would expect this to take a few more years at a minimum before all the consumer UX kinks are rolled out.
11 replies
3 recasts
57 reactions
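An added example, not part of the thread: one way a relying party can cope with the uneven `prf` / `largeBlob` support mentioned in point 5 is to request both WebAuthn extensions at registration and branch on what the client reports back. The function names and the sample result objects are hypothetical and constructed for illustration; the extension field names (`prf.enabled`, `largeBlob.supported`, `support: "preferred"`) are the ones the WebAuthn specification defines.

```javascript
// Added example; function names are hypothetical, not from any library.

// Extensions to pass in publicKey.extensions for navigator.credentials.create().
// "preferred" (rather than "required") lets registration succeed on
// authenticators that lack largeBlob instead of failing the whole ceremony.
function registrationExtensions() {
  return { prf: {}, largeBlob: { support: "preferred" } };
}

// Given the object returned by credential.getClientExtensionResults() after
// registration, decide how this credential can hold a client-side secret.
//   "prf"       -> derive the secret from the PRF output at each sign-in
//   "largeBlob" -> store an encrypted blob alongside the credential
//   "none"      -> neither reported; keep no client-side secret for it
function chooseSecretStrategy(extResults) {
  const r = extResults || {};
  // Only an explicit boolean true counts; missing or malformed means no.
  const prf = Boolean(r.prf && r.prf.enabled === true);
  const largeBlob = Boolean(r.largeBlob && r.largeBlob.supported === true);
  let strategy = "none";
  if (prf) strategy = "prf";
  else if (largeBlob) strategy = "largeBlob";
  return { strategy, prf, largeBlob };
}

// Constructed sample results (not captured from real devices).
const SAMPLES = {
  prfOnly: { prf: { enabled: true } },
  largeBlobOnly: { largeBlob: { supported: true } },
  both: { prf: { enabled: true }, largeBlob: { supported: true } },
  neither: {},
  malformed: { prf: { enabled: "yes" }, largeBlob: null },
};

// Summarise every sample so the per-platform differences are visible at once.
function summarise(samples) {
  const out = {};
  for (const [name, res] of Object.entries(samples)) {
    out[name] = chooseSecretStrategy(res).strategy;
  }
  return out;
}
```

Recording the chosen strategy per credential on the server keeps later sign-ins from assuming a capability that a user's other device does not have.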

shazow
@shazow.eth
Isn't that missing the existence of password managers? 1Password, Bitwarden, etc. all support passkeys and are platform neutral. Also passkeys can be very powerful if we treat them as per-device signers (no sync necessary). We can use our world computer with programmable security to globally manage device signers for us. (Keystore rollup is another approach, and can even do interesting offchain versions, currently reviewing a design where it's a state channel of CRDT updates that get flattened onchain on demand.) Overall I think passkeys may end up being more useful for crypto than they are for Google/Apple.
6 replies
1 recast
4 reactions

↑langchain 🎩
@langchain
Bitwarden passkey implementation sucked in the beginning and I may have forced myself to be between iCloud and BW. Also after implementing BW and Apple Passwords for family members, I can confidently say @dwr.eth is right. BW will never win with normal people.
1 reply
0 recast
1 reaction

Dan Romero
@dwr.eth
Passkeys are amazing for my parents who use iPhone / iPad and a computer (iMac) occasionally.
1 reply
0 recast
0 reaction