@octesian @grumpygamer passkeys are locked to the browser that made them and can't be moved to another browser. How is locking people in good?
@grumpygamer @falken @octesian They can act both as 2FA and as the sole login with no actual password. Both provide additional security over even good passwords. One is a nice alternative to TOTP and the other has no password to worry about in case of breaches.
Logging in to one of my Google accounts is far smoother with passkeys than it used to be, because they no longer insist on multiple 2FA solutions on top (or rather: First the wrong one I never use and then the manually selected correct one - and TOTP has the minor issue of being time sensitive, so it can fail due to clock drift and network delays).
@trezzer @grumpygamer @octesian what is the secret part of your Passkey? Can you export and import them? No? Then it's anti-user lock-in. No wonder Chrome and Safari are pushing them.
@falken @trezzer @grumpygamer @octesian Passkeys use PKI so you have a public key and private key.
Vendors are working together to create a portability standard to allow you to move them around https://bitwarden.com/blog/security-vendors-join-forces-to-make-passkeys-more-portable-for-everyone/
I was skeptical of Passkeys at first due to their complex nature and thought it would hurt adoption like the friction with MFA, but the development over the last couple of years has made them more user friendly.
@apjone @trezzer @grumpygamer @octesian right, so it's browser lock-in. Until some vague future point.
@falken I use my (same) Passkeys across at least six different browsers through Bitwarden.
@trezzer great. now export them from bitwarden. oh, you can't; https://community.bitwarden.com/t/passkey-export-file/77448
You are locked into bitwarden forever.
@falken That’s the cost of slow-moving standards bodies. At least password managers let you bring your Passkeys with you while we wait, and I’ll take the QoL improvements now rather than wait for the export-import shenanigans. It took quite a while before it was possible outside the browser (which was an awful place to keep them).
@trezzer my view is this doesn't need a standard body. Password managers manage import/export as .csv fine already.
@falken I personally have no strong opinion on the matter, but what I strongly suspect is that for everyone to be aboard, a solution must be agreed upon that satisfies the most paranoid members of the group. Which, I guess, may be a good thing in some cases. I’m always a bit nervous myself when pulling data from encrypted stores temporarily. I would probably prefer some sort of encrypted transfer between Passkey wallets. Just to be on the safe(r) side. No idea how to do it correctly, though.
@grumpygamer @trezzer @falken@qoto.org @octesian #passkeys are much harder to steal or guess than passwords.
- #security : They use cryptographic keys stored securely on your device, meaning they can't be easily intercepted.
- #phishing : Even if you're tricked into visiting a fake site, your passkey won't provide access.
I love my two USB/NFC Passkey devices and in an ideal world passkeys would work with all browsers (except maybe lynx).
Problem is big tech, Apple/Google/etc, lock their users in a digital black hole - where barely a bit can leave. User is the insect in a spiderweb, you have a short time to get away, if you don't, you get more and more strings tied to in and make escape harder and harder - ultimately they suck you out. What you see is the free open web die.
@falken @octesian Let the password manager handle the passkeys. Cross-platform, simpler and no password to lose in a leak.