timbray
@timbray@cosocial.ca

Passkeys were hot last year, don’t seem to be catching on, here’s one view of why that is. Dark and sobering but convincing: https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/

cassidy
@cassidy@blaede.family

@timbray this has been my experience with them as well. Most of the time passkeys just do not work for me.

And I’m a tech nerd deep into the open source computing space, have helped develop cross-desktop standards, and help translate between the nerdiest engineers I’ve met and various levels of less-technical folks. If I can’t get it to work reliably, I don’t think there is hope for most people. 😅

cassidy
@cassidy@blaede.family

@timbray I’ve been locked out of my PlayStation account, my Google passkey just never works (on my Google Pixel phone, no less), my phone thinks I have passkeys for accounts I have never used a passkey with… it’s a mess.

I want it to work. But holy crap the experience has been terrible. I think they were rolled out way too aggressively before pretty fundamental user experience concerns were addressed—let alone the abysmal (non-existent) user education.

CaptainMalu
@CaptainMalu@mastodon.social

@timbray @anderseknert yeah I wanted to try them but didn't get how to do it.
I don't want Google to have all my login credentials and I don't want to scan a QR code with my phone at any login. I also don't want to buy extra hardware.
It's annoying to click accept on my phone for 2FA to connect to the VPN. But it's the VPN. I don't want to get my phone for any website.
The copy&paste or autofill from my password manager is more comfortable.

Wouldn't it be nice if we could use ssh-keys?

anderseknert
@anderseknert@hachyderm.io

@CaptainMalu @timbray I’ve set up 1Password to manage passkeys for GitHub and Google. Works quite well, and no phone required. But also no immediate benefit compared to passwd + totp.

flameeyes
@flameeyes@mastodon.social
vbabka
@vbabka@social.kernel.org

@flameeyes oh my, should probably suggest William to tone down all those en-words.

flameeyes
@flameeyes@mastodon.social

@vbabka I guess once again "enshittification" is used for "anything I don't like" just like people use "fascist" for "anyone who disagrees with me."

In both cases, it's a loudness war that removes the range required to have a constructive discussion.

aerique
@aerique@genart.social

@flameeyes @timbray Nice article.

I guess password logins and password managers are the IPv4 of authentication?

flameeyes
@flameeyes@mastodon.social

@aerique given the way I talk about it, it sounds right https://flameeyes.blog/tag/ipv6/?mtm_campaign=social&mtm_kwd=mastodon

Password Managers are pretty much the NAT, except less hacky, but similarly solving most of the problems without a full overhaul.

tomw
@tomw@mastodon.social

@timbray Classic overengineered solution. It needs to be simple enough for anyone to understand. Currently it is not simple enough for people who work as programmers to understand.

sil
@sil@mastodon.social

@timbray ah, I have looked at passkeys a couple of times and feared them because of lock-in, and this suggests that I'm not the only one thinking it!

objc
@objc@mastodon.social

@sil @timbray Lock in? Every OS supports them

sil
@sil@mastodon.social

@objc @timbray as far as I can tell, though, I can't move between OSes. If I set up my current phone as holding my passkeys, and then I change to a different phone (OS), I am just flat-out stuck; I cannot export my passkeys, or store them myself in some neutral format, or export them to a different device. I might be wrong on this, but every time I've asked I've got that answer, or no answer. If that's changed then I'll be happy to look again.

MikeBeas
@MikeBeas@mas.to

@sil @objc @timbray So store them in a platform-agnostic password manager like Bitwarden or 1Password. Problem solved.

timbray
@timbray@cosocial.ca

@MikeBeas @sil @objc So if I'm using 1password and syncing between my laptop & phone, the same passkey can be used on both?

[Definitely getting the feeling that 1Password is the leader at making these things usable. Having said that, I have yet to convince any nontechnical person to use any password manager aside from the ones in the browsers.]

MikeBeas
@MikeBeas@mas.to

@timbray @sil @objc Yes, it works like anything else you sync via a password manager. Several password managers support them.

For non-technical users, storing them in the system keychain is fine. They’re end-to-end encrypted and synced via iCloud or the Google password manager, same as regular passwords. You can scan a QR code on other devices that aren’t able to sync them (Windows or whatever) and log in from your phone. It’s a pretty painless process.

timbray
@timbray@cosocial.ca

@MikeBeas

> It’s a pretty painless process.

Um, the testimony in these threads and the original article suggests that is a minority viewpoint. There have been a couple of people piping up saying “just works for me” but many more saying “pool of pain”.

@sil @objc

lauren
@lauren@mastodon.laurenweinstein.org

@timbray You probably know how critical I've been of 's (and various other) passkey deployments.

alper
@alper@rls.social

@timbray The “rollout” of these things has been disastrously bad. I have no idea how to really use them or why they’re better.

Chancerubbage
@Chancerubbage@mastodon.social

@alper @timbray

The only notion I had gotten from them is that they seem to lift the burden from the user; an easier on-ramp for ‘web services’ you think have no reason for a password or account anyway.

But you have to back that up with a FAQ: if the device or cloud does it for you, what happens when the device is lost or stolen, or ‘the cloud’ is unavailable?

alper
@alper@rls.social

@Chancerubbage @timbray For those throwaway services Apple fronted account creation is pretty great already.

OldManToast
@OldManToast@cosocial.ca

@timbray I'll admit that I have a half dozen articles open in my browser tabs from the last 12 months, and I still don't grok what I'm supposed to do/expect as an end user through my cycle of new devices, new services, credential changes, etc.
