Article discussing the push for passkeys as an alternative to passwords, including numerous problems associated with passkeys like big companies agenda, complicated proprietary implementations, vendor lock-in requirements and dependency on smartphones, dubious value for ordinary users, and misplaced purpose and value, hype and security, lax IT practices and constant private data leaks, psychological reasons why modern Web and email are interactive and phishing-prone due to profit-driven design, wrongness of clickable links, practice of information-only communication, severe implications for privacy and freedom in so-called modern solutions, some other observations, and more
  • dudeami0A
    1·
    1 day ago

    This assumes a pin is used, which according to the WebAuthn wikipedia page is not generally the case:

    The illustrated flow relies on PIN-based user verification, which, in terms of usability, is only a modest improvement over ordinary password authentication. In practice, the use of biometrics for user verification can improve the usability of WebAuthn.

    The way I read this, a pin is even too much for the end-user and biometrics replace it for usability.