Dan Romero
@dwr.eth
Why Passkeys aren’t a panacea
1. Passkeys are password-less credentials built on WebAuthn. The OS companies — Apple, Google and Microsoft — are responsible for their implementation.
2. For most users, Passkeys are usually stored in the OS vendor's secure cloud, e.g. iCloud, to sync across devices.
3. This means that you need to have devices from the same ecosystem — a Mac and an iPhone — for sync to work.
4. Naturally, there are plenty of people with a different mobile device vs. computer.
5. Further, OS vendors have been inconsistent with the various features of Passkeys they implement, e.g. Apple did largeBlob and Google did PRF.
6. Would expect this to take a few more years at a minimum before all the consumer UX kinks are rolled out.
11 replies
3 recasts
57 reactions
shazow
@shazow.eth
Isn't that missing the existence of password managers? 1Password, Bitwarden, etc. all support passkeys and are platform neutral. Also passkeys can be very powerful if we treat them as per-device signers (no sync necessary). We can use our world computer with programmable security to globally manage device signers for us. (Keystore rollup is another approach, and can even do interesting offchain versions, currently reviewing a design where it's a state channel of CRDT updates that get flattened onchain on demand.) Overall I think passkeys may end up being more useful for crypto than they are for Google/Apple.
6 replies
1 recast
4 reactions
Dan Romero
@dwr.eth
I’m bearish on password managers in the medium term. Even if they are the ones helping build CXP. Maybe an enterprise and a niche power user thing. https://fidoalliance.org/specs/cx/cxp-v1.0-wd-20240522.html
1 reply
0 recast
5 reactions
boscolo.eth
@boscolo.eth
Password managers are an anti-pattern that should be phased out and replaced with device-specific TEE-protected credentials. They create a central point of failure that becomes a liability when teams let the code rot like LastPass did.
1 reply
0 recast
0 reaction
matthewb
@matthewb
Too bad 1Password doesn’t store passkeys properly, which bricks apps trying to build on top of this platform-neutral tech
1 reply
0 recast
2 reactions
Dan Romero
@dwr.eth
1Password strips out largeBlob (they blame Apple) on iOS and it breaks our Passkeys. It’s still a big mess right now.
0 reply
0 recast
1 reaction
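An added example, not code from any participant in this thread: one way a relying party can notice at enrolment that a passkey came back without largeBlob or PRF, rather than failing later when it tries to use them. The extension names and result shapes follow WebAuthn Level 3; the function names and the sample results are constructed for illustration.

```javascript
// Added example. Function names and sample data are assumptions, not a vendor API.

// Extensions to request in navigator.credentials.create() so either path can work.
function registrationExtensions() {
  return { largeBlob: { support: "preferred" }, prf: {} };
}

// Classify what was actually granted.
// `ext` is the object returned by credential.getClientExtensionResults().
function assessCapabilities(ext) {
  const results = ext || {};
  const largeBlob = results.largeBlob?.supported === true;
  const prf = results.prf?.enabled === true;
  // A key missing from the results means the client or credential provider
  // ignored or stripped the extension; a key present with `false` means it
  // was processed and refused. Both are unusable, but they are logged apart.
  const dropped = ["largeBlob", "prf"].filter((name) => !(name in results));
  return { largeBlob, prf, dropped };
}

// Decide at enrolment whether this credential may be used to protect app data.
// `preferred` is the order in which granted extensions are chosen.
function enrolmentDecision(ext, preferred = ["prf", "largeBlob"]) {
  const caps = assessCapabilities(ext);
  const strategy = preferred.find((name) => caps[name]);
  return strategy
    ? { accept: true, strategy }
    : { accept: false, dropped: caps.dropped };
}

// Constructed sample results covering the cases discussed in the thread.
const samples = {
  largeBlobOnly: { largeBlob: { supported: true } },
  prfOnly: { prf: { enabled: true } },
  refused: { largeBlob: { supported: false }, prf: { enabled: false } },
  stripped: {},
};
for (const [name, ext] of Object.entries(samples)) {
  console.log(name, JSON.stringify(enrolmentDecision(ext)));
}
```

Rejecting or downgrading the credential when `accept` is false keeps data from ending up tied to a passkey that cannot store or derive anything.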
Darryl Yeo 🛠️
@darrylyeo
Wondering the same thing.
0 reply
0 recast
0 reaction
↑langchain 🎩
@langchain
Bitwarden passkey implementation sucked in the beginning and I may have forced myself to be between iCloud and BW. Also after implementing BW and Apple Passwords for family members, I can confidently say @dwr.eth is right. BW will never win with normal people.
1 reply
0 recast
1 reaction