> At this point I think that Passkeys will fail in the hands of the general consumer population.
Actually, I think it might be worse. The predators like Apple/Google have already pounced on passkeys as a consumer capture mechanism, so they'll ensure it doesn't fail.
They're a consumer capture mechanism insofar as password management tools are, and we want users to use those because they make security tolerable. The problem is that it turns out the OS vendor was in the best place to win the password management game.
The lock-in situation with passkeys seems far worse than with password managers, though. There is no "export" option for iCloud passkeys - despite being cloud-synced across your Apple devices.
If you decide to switch from an iPhone to an Android phone, you're looking at an arduous process of enrolling a new passkey for every single site.
Just you wait for governments to require platforms to only accept gov-signed keys.
I was sceptical about something-you-own auth vs. something-you-know auth from the beginning and recieved backlash from my tech peers for it. I hate to be able to go "told you so" on this one. Lets hope im wrong about the government involvement, but i dont think i will.
not to diminish your point, but since at decade or so I'm a more worried about corporate surveillance capitalism than I'm about government surveillance.
Why? Governments can do so much harm by incarcerating, fining or even killing you.
Don't get me wrong - corporate surveillance can be very annoying, especially in insurance / credit scoring / price discrimination etc, but it seems a comparatively lesser danger.
Probably because governments can just buy the corporate surveillance results, bypassing any shoddy protections that even exist completely. So corporate surveillance is government surveillance.
You can’t avoid these corporations if you want to remain active on the internet. They keep shadow profiles. They sell and share your data from one service to another (I stoped using Facebook for example, but Netflix shared its watch data with Facebook.)
I don’t think it’s possible to avoid them. Confuse them maybe.
I mean, same, but only because I realized a new undesirable thing was becoming a tacit reality that we'd have to accept on top of already undesirable thing
Actually, I think it might be worse. The predators like Apple/Google have already pounced on passkeys as a consumer capture mechanism, so they'll ensure it doesn't fail.