Passkeys and Modern Authentication
8 days ago
- #privacy
- #authentication
- #passkeys
- The industry is moving from username/password to passkeys, with potential benefits but also concerns.
- Attestation systems in passkeys can enable vendor lock-in and restrict authentication methods, as seen with government eID systems.
- Apple and Google do not expose attestation data for consumer passkeys but allow it for hardware tokens and enterprise use.
- Private keys cannot be exported from one authenticator or password manager to another, complicating ecosystem transitions.
- Passkeys are often adopted automatically, sometimes without clear user consent (e.g., Amazon).
- Moving between ecosystems (e.g., Apple to Android) can be difficult due to passkey dependencies.
- Google’s account termination policies pose risks for losing access to third-party credentials.
- Complex authentication systems make access harder for families when someone is incapacitated or dies.
- Building from scratch or using open-source projects is harder due to OAuth and passkey dependencies.
- Increased reliance on tech giants raises concerns about loss of individual agency and data access.