- cross-posted to:
- linux@lemmy.ml
I think this is relevant for Europe because the Passkey technology, being exclusively in the hands of smartphone OS vendors and platforms like Google, Apple, and Microsoft, has very strong implications for European digital sovereignty. Basically, if you use passkeys to access accounts, the vendors can switch off your access to all your accounts at once, because you won't have working copies of your keys and devices.
I have the option for passkey login with Bitwarden (and believe I can export them too), or is this not what they meant by 'exclusively in the hands of smartphone OS vendors'? Is it specifically the technology, then?
The example of Microsoft is not that strong either, because I had a business account with 2FA that I could only use with the Microsoft Authenticator, so they managed to make 2FA lock-in too.
This article is IMO factually wrong. Just take one example:
> Passkeys only solve one use case - phishing where the user inputs their password and MFA into a fake site.
Passkeys solve a few issues:
- Phishing resistant
- Unique per site (e.g. protection against credential stuffing)
- Immune to brute force attacks
- And offer an (optional) way to log in with biometrics
This tech is clearly not perfect, but not as bad as this article suggests.
Also, you can store passkeys in a password vault like Bitwarden and have them available on all your devices.
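To make the "phishing resistant" and "unique per site" points above concrete, here is an added example that is not part of the thread, the article, or any vendor's code: a Go model of the WebAuthn assertion ceremony with a real P-256 key per relying-party ID. The host names example.com and examp1e.com, the challenge strings, and the struct and function names are all constructed for this example; authenticator data is reduced to the 32-byte rpIdHash, and the browser's rpID rule is simplified from the spec's registrable-suffix check.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"strings"
)

// Authenticator keeps one key pair per relying-party ID (rpID): a passkey is unique per site.
type Authenticator struct{ creds map[string]*ecdsa.PrivateKey }

// Register mints a fresh P-256 key scoped to rpID and returns the public key the RP stores.
func (a *Authenticator) Register(rpID string) *ecdsa.PublicKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // only a broken CSPRNG gets here
	}
	a.creds[rpID] = key
	return &key.PublicKey
}

// clientData is the part of clientDataJSON that matters here; the browser, not the page, sets Origin.
type clientData struct {
	Type      string `json:"type"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

// Assertion is the reply to navigator.credentials.get(); AuthData is reduced to the 32-byte rpIdHash.
type Assertion struct {
	AuthData, ClientData, Sig []byte // Sig is a DER ECDSA signature over signedMessage(...)
}

// signedMessage is what the authenticator signs: SHA-256(authData || SHA-256(clientDataJSON)).
func signedMessage(authData, cd []byte) []byte {
	cdHash := sha256.Sum256(cd)
	msg := sha256.Sum256(append(append([]byte{}, authData...), cdHash[:]...))
	return msg[:]
}

// Sign models browser plus authenticator: the browser accepts rpID only if it is the host of the
// origin the user is really on (or a parent domain), and the authenticator signs only with that rpID's key.
func (a *Authenticator) Sign(origin, rpID, challenge string) (*Assertion, error) {
	host := strings.TrimPrefix(origin, "https://")
	if host == origin || (host != rpID && !strings.HasSuffix(host, "."+rpID)) {
		return nil, fmt.Errorf("browser refused: rpID %q is not valid for origin %s", rpID, origin)
	}
	key, ok := a.creds[rpID]
	if !ok {
		return nil, fmt.Errorf("authenticator holds no credential for rpID %q", rpID)
	}
	cd, _ := json.Marshal(clientData{Type: "webauthn.get", Challenge: challenge, Origin: origin})
	rpHash := sha256.Sum256([]byte(rpID))
	sig, err := ecdsa.SignASN1(rand.Reader, key, signedMessage(rpHash[:], cd))
	return &Assertion{AuthData: rpHash[:], ClientData: cd, Sig: sig}, err
}

// Verify is the relying party's side: type, challenge, origin and rpIdHash must match, and the
// signature must verify under the public key stored at registration.
func Verify(pub *ecdsa.PublicKey, origin, rpID, challenge string, as *Assertion) error {
	var cd clientData
	rpHash := sha256.Sum256([]byte(rpID))
	switch {
	case json.Unmarshal(as.ClientData, &cd) != nil || cd.Type != "webauthn.get":
		return fmt.Errorf("malformed clientDataJSON or wrong ceremony type")
	case cd.Challenge != challenge:
		return fmt.Errorf("challenge mismatch: stale or replayed assertion")
	case cd.Origin != origin:
		return fmt.Errorf("origin mismatch: assertion was produced on %s", cd.Origin)
	case len(as.AuthData) < 32 || string(as.AuthData[:32]) != string(rpHash[:]):
		return fmt.Errorf("rpIdHash mismatch: credential belongs to another site")
	case !ecdsa.VerifyASN1(pub, signedMessage(as.AuthData, as.ClientData), as.Sig):
		return fmt.Errorf("signature does not verify under the stored public key")
	}
	return nil
}

// login runs one ceremony on origin and presents the result to the real RP, example.com.
func login(auth *Authenticator, pub *ecdsa.PublicKey, origin, rpID, challenge string) error {
	as, err := auth.Sign(origin, rpID, challenge)
	if err != nil {
		return err
	}
	return Verify(pub, "https://example.com", "example.com", challenge, as)
}

// Scenarios returns the outcome of a genuine login and of two phishing attempts from the
// look-alike site examp1e.com (both host names are constructed). Only the first is nil.
func Scenarios() (legit, proxyAttempt, relayAttempt error) {
	auth := &Authenticator{creds: map[string]*ecdsa.PrivateKey{}}
	pub := auth.Register("example.com")
	legit = login(auth, pub, "https://example.com", "example.com", "chal-1")
	// A reverse-proxy page on examp1e.com asks for an example.com assertion: the browser refuses.
	proxyAttempt = login(auth, pub, "https://examp1e.com", "example.com", "chal-2")
	// The phisher enrols the victim for examp1e.com and relays that assertion to example.com:
	// a different key signed it and the signed clientDataJSON names the wrong origin.
	auth.Register("examp1e.com")
	relayAttempt = login(auth, pub, "https://examp1e.com", "examp1e.com", "chal-3")
	return legit, proxyAttempt, relayAttempt
}
```

Scenarios() is the entry point (call it from a main or a test). Two layers do the work: the browser binds rpID to the origin the user is actually on and the authenticator will not sign for any other site, so a reverse-proxy phishing page never receives an assertion at all; and the RP re-checks origin and rpIdHash inside the signed data, so even a user who was talked into enrolling a separate passkey on the look-alike domain hands the attacker nothing that example.com accepts. Storing or syncing the keys in a vault does not change this, because each credential stays bound to its own rpID.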