alcinnz, Passkeys: A Shattered Dream - William Brown "Firstyear's blog-a-log":
https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/
From the outside, a lot of this looks like bikeshedding over threat models (personally I don't care for attestation, but I see why that's in there now). Which yes, easily gets coopted into lock-in.
Passwords (aka "shared secrets") are a poor solution for webservice authentication, & I hope password managers like Bitwarden can do away with most of their issues whilst paving the path away from them!