Starting to look at passkeys and have used the demo at
https://www.passkeys.io/

Haven't committed whole hog to it yet but will transition during 2024.
This is a part of my "abandoning the assholes of the rental software
economy", to whit: agilebits (1Password).

While passkeys don't absolutely replace passwords they do replace the
use of them. Thus, if one loses all of his devices (a house fire, for
example), the ability to log into, eg, Apple, provides for the recovery
of the passkey private/public keys. So - still need to remember ones
AppleID password.

(If that para seems bizarre, do note that passkeys is device oriented
and assumes only the proper owner of the device can open the device
based on biometrics, device specific password or PIN. So if one lost
all of their devices they would be locked out of their accounts - in the
case of Apple (and presumably others), the private/public key pair are
encrypted and saved with your AppleID).

A "cool" thing about it: I set up a passkey for the site above from my
Mac, and the private key was wrapped and securely shared with my other
devices. Thus, just using Face ID on my iPhone I could log in. Yeah,
that Apple Country Club experience. (Not sure how this is implemented
if one is Windows or Google "oriented", but there is surely a similar
mechanism).

Curious to know if others have begun using passkeys and with which sites.

<re-post - 1st try seems to have been lost>

--
“Markets can remain irrational longer than your can remain solvent.”
- John Maynard Keynes.

On 2024-01-18, Alan Browne <bitbucket@blackhole.com> wrote:
>
> Starting to look at passkeys and have used the demo at
> https://www.passkeys.io/
>
> Haven't committed whole hog to it yet but will transition during 2024.
> This is a part of my "abandoning the assholes of the rental software
> economy", to whit: agilebits (1Password).
>
> While passkeys don't absolutely replace passwords they do replace the
> use of them. Thus, if one loses all of his devices (a house fire, for
> example), the ability to log into, eg, Apple, provides for the
> recovery of the passkey private/public keys. So - still need to
> remember ones AppleID password.
>
> (If that para seems bizarre, do note that passkeys is device oriented
> and assumes only the proper owner of the device can open the device
> based on biometrics, device specific password or PIN. So if one lost
> all of their devices they would be locked out of their accounts - in
> the case of Apple (and presumably others), the private/public key pair
> are encrypted and saved with your AppleID).
>
> A "cool" thing about it: I set up a passkey for the site above from my
> Mac, and the private key was wrapped and securely shared with my other
> devices. Thus, just using Face ID on my iPhone I could log in. Yeah,
> that Apple Country Club experience. (Not sure how this is implemented
> if one is Windows or Google "oriented", but there is surely a similar
> mechanism).
>
> Curious to know if others have begun using passkeys and with which
> sites.

I've meaning to get round to doing this. Happy to learn from your
experience in the mean time. 🙂👍🏼

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

On 2024-01-18 20:22, Jolly Roger wrote:
> On 2024-01-18, Alan Browne <bitbucket@blackhole.com> wrote:
>>
>> Starting to look at passkeys and have used the demo at
>> https://www.passkeys.io/
>>
>> Haven't committed whole hog to it yet but will transition during 2024.
>> This is a part of my "abandoning the assholes of the rental software
>> economy", to whit: agilebits (1Password).
>>
>> While passkeys don't absolutely replace passwords they do replace the
>> use of them. Thus, if one loses all of his devices (a house fire, for
>> example), the ability to log into, eg, Apple, provides for the
>> recovery of the passkey private/public keys. So - still need to
>> remember ones AppleID password.
>>
>> (If that para seems bizarre, do note that passkeys is device oriented
>> and assumes only the proper owner of the device can open the device
>> based on biometrics, device specific password or PIN. So if one lost
>> all of their devices they would be locked out of their accounts - in
>> the case of Apple (and presumably others), the private/public key pair
>> are encrypted and saved with your AppleID).
>>
>> A "cool" thing about it: I set up a passkey for the site above from my
>> Mac, and the private key was wrapped and securely shared with my other
>> devices. Thus, just using Face ID on my iPhone I could log in. Yeah,
>> that Apple Country Club experience. (Not sure how this is implemented
>> if one is Windows or Google "oriented", but there is surely a similar
>> mechanism).
>>
>> Curious to know if others have begun using passkeys and with which
>> sites.
>
> I've meaning to get round to doing this. Happy to learn from your
> experience in the mean time. 🙂👍🏼

Not a whole lot to say, so far.

- Amazon, works (Safari, Chrome / Mac, iPhone) - can turn off 2FA (need
to do this one-by-one for each browser, alas).

- Apple, doesn't work (as a sign in on the Apple sites (ID, Store)) but
it is set up for that eventuality if it occurs. OTOH, my Apple ID's
keychain is the repository for the Passkeys, so it's propagated
(securely) to my other devices.

- GitHub

- test site as mentioned

- My banks don't support Passkeys (yet?)

And of course since I use Passwords on my Mac, when I log into a known
site I get a prompt to use Passwords for the account username which of
course supplies (also) the site password. Sort of end-running the
purpose of Passkeys.

So - until this is all "burned in" as to habits, it's not paying off in
any great way (other than turning off 2FA on Amazon).

Not that many sites on board, alas:
https://www.passkeys.io/who-supports-passkeys

Offhand, people with a "password habit" are going to find transitioning
a little tedious as each site needs to be visited to set up the passkey,
which means (of course) using the current password (of course).

This isn't a sprint.
It's no marathon.
A walk would be faster.
.... crawl on...

--
“Markets can remain irrational longer than your can remain solvent.”
- John Maynard Keynes.