this post was submitted on 11 Oct 2023
288 points (98.0% liked)
Technology
73655 readers
6117 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Having a seamless way to migrate away is itself a security risk, since that method could be used by attackers to compromise the key store. The migration path for any of the major players (Apple, Google, Microsoft, Yubikey) involves logging into each site you used a passkey with, adding a new one from your new passkey store, then revoking the old passkey.
Password managers that store Passkeys may handle this differently, though, and are your best bet if you want migration flexibility.
The method you describe is untenable for 99.9% of the population. If that is truly the only way to migrate, then this move to passkeys is a catastrophe for security. In the coming years, millions of people are going to be permanently locked out of important accounts. Accounts will be written about the clearly flawed implementation of passkeys by Apple and Google, and a whole generation of people are going to shun passkeys forever. Myself included. This is a nightmare for vendor lock-in. I can see why Apple and Google are so ready to implement this.