Looks like a huge amount of security vendors are working to have a secure and open standard for passkey portability between platforms.

It is always good to see major collaboration in the security space like this considering the harsh opinions that users of some of these vendors have toward many of the others. I just wish apps and sites would stop making me login with username and password if passkeys are meant to replace that lol.

  • Pasta Dental@sh.itjust.works
    link
    fedilink
    arrow-up
    35
    arrow-down
    9
    ·
    edit-2
    2 months ago

    I don’t like that passkeys are portable, this kind of defeats the entire purpose. The way they were sold to me is the following: it’s 2 factors in one. The first is the actual device where the key lives, and the second, the user verification, like a pin, face scan, fingerprint etc. If it’s synced across the cloud, there’s no longer the first factor being the unique key on the unique device.

    Granted, passkeys even without the first factor are still magnitudes better in terms of convenience and security compared to passwords, but it just disappoints me a little that there are no good options to save passkeys on my local device only, with no cloud sync.

    If anyone knows of a local-only passkey manager app for android, as well as the same as a firefox extension, I’d love to know about it!

    • Soothing Salamander@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      2 months ago

      Admittedly, for some password managers, the passkeys are stored locally and are not accessible in the cloud unencrypted without the decryption keys that exist on devices you authorize.

      This may still not make a difference for you though. For me, I consider passkeys, even stored in the cloud, to be enough for the vast majority, so I appreciate these vendors working to make passkeys more easy for the end user.

      • Pasta Dental@sh.itjust.works
        link
        fedilink
        arrow-up
        2
        ·
        2 months ago

        I agree and I still store my passkeys in proton pass, but that’s more because there’s no real option for storing them locally only. I really like passkeys and they make me optimistic about the future, it’s just that I think the way they should work is that each device should have a passkey registered to an account, so that the access can then be revoked if the device was compromised. And it’s even convenient in this way with the QR codes that you can use to temporarily share a passkey to then be able to add the new device.

    • m-p{3}@lemmy.ca
      link
      fedilink
      arrow-up
      1
      ·
      2 months ago

      I guess you’re better off buying a physical security key, which offers some guarantee that the keys cannot be exflitrated from the device.

        • m-p{3}@lemmy.ca
          link
          fedilink
          arrow-up
          1
          ·
          2 months ago

          Strange, my Yubikey allows me to authenticate using Passkeys just fine by entering the PIN that protects my stored credentials.

    • Zomg@lemmy.world
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      2 months ago

      Setup 1password with a physical security key might fix that issue somewhat.

    • ryannathans@aussie.zone
      link
      fedilink
      arrow-up
      0
      ·
      2 months ago

      If you don’t want to sync your credentials with a server, why are you using a server based credential manager?

      • Pasta Dental@sh.itjust.works
        link
        fedilink
        arrow-up
        0
        ·
        2 months ago

        For 2 reasons:

        • I want to sync my credentials that cannot be made unique and revocable (ie passwords). I can have a single passkey per device, I cannot have a password per device for a same account. I also have to memorize a password, and I have hundreds that I may need to access while I am away and only have my phone.
        • I use one because currently I have not found a convenient way to save local passkeys on Android and my Linux PC.
        • Petter1@lemm.ee
          link
          fedilink
          arrow-up
          1
          ·
          2 months ago

          You can save local passkeys using a local keepass file and keepassXC. No cloud needed.