I just published a blog on Passkeys, which I believe is gonna be the future of how logins are gonna be. Take a look and let me know if you’ve taken the leap to this method of authentication.
I’ll read this with interest, I think I’m still quite old school with text message verifications!!
Geez, my company just started two-factor authentication and now there are passkeys? My computers are now filling in passwords for me as needed. So of course, someone decides that is too convenient for the users, let’s start a new requirement…can’t make it easy for people to do business with us or to work for us. (In case you can’t tell, I’m not happy. I just removed all work-related email from my PERSONAL phone, aka I was reading mail on MY TIME, as a favor to work…and they came out with all sorts of requirements of things I need to load onto MY phone to read THEIR email during MY TIME. Can you say “straw that broke the camel’s back”? Security is one thing. And I understand it. But inconveniencing ME to do work for YOU on MY time is NOT the way to create loyal employees who will read and reply to email in a timely fashion outside of normal working hours (which, just for the record, are 6:30am to 5pm! I’m not a slacker and I’m not a newbie!)) So, no, I have NOT taken this leap and I do not plan on it until I’m forced to do so by TPTB (The Powers That Be) and only if I have to.
Not TOTP/Authenticators? I hope you’ve a lock code on your SIM.
Passkeys replace 2fa/mfa with a proof of identity and ownership like on-device biometric or face scan. On the tech side it works on asymmetric keys and even the services you’re using don’t need to have your keys; they’ll just authenticate on its fingerprint, making it phishing proof. Also, if you already own a hardware security key like Yubikey, passkey support has been baked right in for a few years.
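
A simplified model of the asymmetric-key login described in the post above, as an added example that is not part of any post in this thread. It shows the site holding only a public key and rejecting a response that was produced for a different origin; the origins, function names and message layout are assumptions for illustration, and real WebAuthn messages carry more fields.

```javascript
// Simplified passkey-style login; NOT the full WebAuthn message format.
const crypto = require('crypto');

// Registration: the device makes a key pair for one site. The private key
// stays on the device; the site stores only the public key.
function register() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, serverRecord: { publicKey } };
}

// Server: a fresh random challenge per login, so old answers cannot be replayed.
function newChallenge() {
  return crypto.randomBytes(32).toString('base64url');
}

// Device/browser: the browser supplies the origin actually being visited.
function signAssertion(device, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  const signature = crypto.sign('sha256', Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Server: verify the signature first, then the signed challenge and origin.
function verifyAssertion(serverRecord, expectedChallenge, expectedOrigin, assertion) {
  const valid = crypto.verify('sha256', Buffer.from(assertion.clientData),
                              serverRecord.publicKey, assertion.signature);
  if (!valid) return 'bad-signature';
  const { challenge, origin } = JSON.parse(assertion.clientData);
  if (challenge !== expectedChallenge) return 'challenge-mismatch';
  if (origin !== expectedOrigin) return 'origin-mismatch';
  return 'ok';
}

function demo() {
  const SITE = 'https://login.example';              // constructed origin
  const LOOKALIKE = 'https://login.example.invalid'; // constructed look-alike
  const { device, serverRecord } = register();
  const other = register().device;                   // a different device's key
  const c1 = newChallenge();
  const check = (a, c = c1) => verifyAssertion(serverRecord, c, SITE, a);
  return {
    genuine: check(signAssertion(device, c1, SITE)),
    lookalike: check(signAssertion(device, c1, LOOKALIKE)),
    replayed: check(signAssertion(device, c1, SITE), newChallenge()),
    otherKey: check(signAssertion(other, c1, SITE)),
  };
}

console.log(demo());
```
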
I’m interested to see passkeys gain popularity (especially after the plot for the video game CrossCode demonstrated why two factor authentication is so important), but I’d like to see it implemented without having to raise the system requirements for the web browser or the smartphone. TOTP is appealing because it doesn’t impose anything on the web browser, so I don’t have to worry about which computing device I may be stuck using no matter where I go, and I cobbled together my own offline authenticator implementation to make sure any version of Windows 10 can participate, including Mobile.