Passkeys are almost awesome - by Wil Gieseler - Thoughts

submitted by
Style Pass
2024-10-22 21:30:03

There’s been a lot of discussion recently about passkeys – the alternative to passwords for logging in to apps and websites. DHH wrote a piece suggesting they’re more problematic than passwords, and John Gruber echoed some of those concerns.

However, I love passkeys! I think they are a great solution to real problems, and they’re capable of offering a significantly better user experience than passwords, two-factor authentication, or logging in through third-party services like Google or GitHub.

Passkeys make phishing impossible, get rid of two-factor codes, eliminate the need to save or remember passwords, and offer a one (or fewer) click login experience. They’re an open standard and work with web and native apps. Another security benefit is that if you support passkeys, you also support hardware security dongles – they’re a part of the same FIDO standard.

It’s perfectly possible to have passkeys be the only login mechanism for a service. However, almost every service will want to validate the user’s email address – this prevents spam and bots, but most importantly provides account recovery through a secure, well-understood path.
