Dan Romero
@dwr.eth
Why Passkeys aren’t a panacea 1. Passkeys are password-less credentials built on Webauthn. The OS companies — Apple, Google and Microsoft — are responsible for their implementation 2. For most users, Passkeys are usually stored in the OS vendors secure cloud, eg iCloud, to sync across devices. 3. This means that you need to have devices from the same ecosystem — a Mac and an iPhone — for sync to work 4. Naturally, there are plenty of people with a different mobile device vs. computer. 5. Further, OS vendors have been inconsistent with the various features of Passkeys they implement, eg Apple did largeBlob and Google did PRF. 6. Would expect this to take a few more years at a minimum before all the consumer UX kinks are rolled out.
11 replies
2 recasts
45 reactions
shazow
@shazow.eth
Isn't that missing the existence of password managers? 1Password, Bitwarden, etc all support passkeys and are platform neutral. Also passkeys can be very powerful if we treat them as per-device signers (no sync necessary). We can use our world computer with programmable security to globally manage device signers for us. (Keystore rollup is another approach, and can even do interesting offchain versions, currently reviewing a design where it's a state channels of CRDT updates that get flattened onchain on demand.) Overall I think passkeys may end up being more useful for crypto than they are for Google/Apple.
6 replies
1 recast
3 reactions
Dan Romero
@dwr.eth
I’m bearish on password managers in the medium term. Even if they are ones helping build CXP. Maybe an enterprise and a niche power user thing. https://fidoalliance.org/specs/cx/cxp-v1.0-wd-20240522.html
1 reply
0 recast
4 reactions
shazow
@shazow.eth
In a world where crypto is not a dirty word, I would have expected password managers to meld with crypto wallets, and identity management in general. Fairly similar security models, lots of overlap in requirements and common features. But alas that's not our world anytime soon.
1 reply
1 recast
6 reactions