Passwordless - Passkeys

[opethdisciple]

I hate pass keys.

I don't want it but I find that I am being forced to use one now.

Lately I've struggled to complete purchases using PayPal without it insisting on saving a pass key.

 

[GoogalyMoogaly]

I hate pass keys.

I don't want it but I find that I am being forced to use one now.

Lately I've struggled to complete purchases using PayPal without it insisting on saving a pass key.

I'm the same. I'm trying to avoid them but they seem to be getting pushed on us harder and harder.
It annoys me when I log into site and get a message saying it failed to create a passkey, I didn't ask for a passkey!

 

[uvarvu]

The NCSC is advocating their use as well. But what I don’t understand is what is the point if websites continue to accept passwords? Surely it should be one or the other?

 

[Rroff]

The best security really for a lot of stuff is having password-less authentication via email and having a strong password + MFA on the email, though that does make the email a single point of failure i.e. if you lose access to it.

Not a fan of this malarkey with passkeys - far too much of it is a good idea on paper / "in a lab" or for people who work in a certain way - but has a lot of complications and/or contingent situations for people in the real world in general that isn't catered for in the passkey implementation.

 

[andshrew]

The NCSC is advocating their use as well. But what I don’t understand is what is the point if websites continue to accept passwords? Surely it should be one or the other?

There is always going to be a crossover period before things are enforced and the older less secure methods are removed, in the same way that when we moved from passwords to passwords + 2FA it wasn't immediately enforced by most web sites that you add 2FA to your accounts - until it was.

 

[kindai]

I love them, any time a site offers them I swap immediately.