@icing So you use an SSH key manager and your login is not performed by "your brain" but ssh-agent (which had lots of quite bad CVEs btw, but that's just a side note).
Yet, you don't like using those keys for Web by claiming (quite arbitrarily and falsely) that Google or Apple are controlling the keys. Kinda, as if you would use iCloud as your SSH storage with a proprietary Apple ssh-agent.
@icing but that's not a Passkey problem but your choice of the Passkey store. You could store the passkey in a different tool that you'd unlock by other means. Or even use a hardware token. Right?
@maxheadroom@icing yes. You can use every password manager that implements it for passkey. The Usercase for passkeys is people who do not want to deal with enrolling multiple ubikeys to every service they use.
Given that you trust your phone and the passkey applications, you get comparable security to hardware security tokens, while solving the recovery problem.
And make no mistake, recovery is, what makes ubikeys unusable for most people.
@mxk@maxheadroom Which password manager do you trust for this? I was once on 1password before they killed local stores. No desire to use cloud storage.
@icing@maxheadroom I don't, but I also fundamentally dislike the idea of using my phone as a root of trust.
But this doesn't change that I think that passkeys are a gigantic improvement for the average user.
Add comment