Passkeys are built on the FIDO2 standard (CTAP2 + WebAuthn standards). They remove the shared secret, stop phishing at the source, and make credential-stuffing useless.
But adoption is still low, and interoperability between Apple, Google, and Microsoft isn’t seamless.
I broke down how passkeys work, their strengths, and what’s still missing
Better title:
Passkeys: still trying to explain why it’s worth the hassle when it isn’t
There’s a hassle?
Every time I was prompted to use one by plugging my phone in to my computer nothing happened. That was a little over a year ago.
I haven’t even bothered into understanding what passkeys are (I know, I should check it out thoroughly) but I think that at its core it requires your phone, and as I like messing around with my hardware installing custom roms and rooting I suppose this method will be pursued by Google so, just as NFC payments, I don’t give a single fuck about it 🤣
A better, well defined API for password managers to insert login information to the site compared to text boxes.