You’ll find that nobody has a problem with passkeys specifically. They have a problem with the implementation, and companies forcing passkeys onto users who don’t want or need them.
I don’t need passkeys because I use a password manager. My threat model requires that I can restore my password manager, all 2FA, and regain full access to all my accounts from anywhere in the world, even if a natural disaster occurs and all my devices are destroyed.
Passkeys and SMS 2FA are a direct threat to my threat model, and I can’t help but feel they’re designed to further entrench surveillance capitalism, and the invasion of privacy as a prerequisite for security.
You’ll find that nobody has a problem with passkeys specifically. They have a problem with the implementation, and companies forcing passkeys onto users who don’t want or need them.
I don’t need passkeys because I use a password manager. My threat model requires that I can restore my password manager, all 2FA, and regain full access to all my accounts from anywhere in the world, even if a natural disaster occurs and all my devices are destroyed.
Passkeys and SMS 2FA are a direct threat to my threat model, and I can’t help but feel they’re designed to further entrench surveillance capitalism, and the invasion of privacy as a prerequisite for security.