Content pfp
Content
@
0 reply
0 recast
0 reaction

Stephan pfp
Stephan
@stephancill
The biggest problem I have with passkeys in crypto is that it fails the walkaway test because it’s tied to a domain Is this solvable?
7 replies
3 recasts
51 reactions

payton ↑ pfp
payton ↑
@payton
There are some initiatives to make this more malleable. See the new related origins request feature on Chrome: https://developer.chrome.com/blog/passkeys-updates-chrome-129?hl=en#related-origin-requests
1 reply
0 recast
3 reactions

Stephan pfp
Stephan
@stephancill
This is a step in the right direction, but one thing that i think could solve the walkaway issue is a ‘universal’ passkey that can be invoked from any website. Not sure if this contradicts passkeys on a philosophical level though because it seems like they believe quite strongly that passkeys shouldn’t be transferable across domains
1 reply
0 recast
1 reaction

payton ↑ pfp
payton ↑
@payton
Yeah, this would be more contradictory to the Passkey ethos I think. Passkeys are ultimately meant to be resistant to phishing, so opening up a Passkey to all domains would remove a lot of the benefits. If you remove the domain constraint, I think you would need to replace it with something else that's consistent across browser security models.
1 reply
0 recast
1 reaction