“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday.

“Passkeys,” the secure authentication mechanism built to replace passwords, are getting more portable and easier for organizations to implement thanks to new initiatives the FIDO Alliance announced on Monday.

  • unskilled5117@feddit.orgEnglish
    302·
    20 hours ago

    The lock-in effect of passkeys is something that this protocol aims to solve though. The “only managed by your device” is what keeps us locked in, if there is no solution to export and import it on another device.

    The protocol aims to make it easy to import and export passkeys so you can switch to a different provider. This way you won’t be stuck if you create passkeys e.g. on an Apple device and want to switch to e.g. Bitwarden or an offline password manager like KeyPassXC

    The specifications are significant for a few reasons. CXP was created for passkeys and is meant to address a longstanding criticism that passkeys could contribute to user lock-in by making it prohibitively difficult for people to move between operating system vendors and types of devices. […] CXP aims to standardize the technical process for securely transferring them between platforms so users are free […].

    • RecluseRamble@lemmy.dbzer0.comEnglish
      1·
      3 hours ago

      And who forces all the corps to correctly implement that protocol? Getting you locked in is in all of their interests, after all.

      • unskilled5117@feddit.orgEnglish
        2·
        2 hours ago

        I think it‘s fair to remain skeptical but the big organizations were part of the development, so there seems to be some interest. And it‘s not always in their interest to lock users in, when it also prevents users from switching to their platform.

        Development of technical standards can often be a fraught bureaucratic process, but the creation of CXP seems to have been positive and collaborative. Researchers from the password managers 1Password, Bitwarden, Dashlane, NordPass, and Enpass all worked on CXP, as did those from the identity providers Okta as well as Apple, Google, Microsoft, Samsung, and SK Telecom.

    • nevemsenki@lemmy.worldEnglish
      172·
      20 hours ago

      That’s between platforms though. I like my stuff self-managed. Unless it provenly works with full offline solutions I’ll remain sceptical.

      • darklamer@lemmy.dbzer0.comEnglish
        10·
        13 hours ago

        I like my stuff self-managed.

        Bitwarden / Vaultwarden is a popular available working solution for self-hosting and self-managing passkeys (as well as passwords).

        • EngineerGaming@feddit.nlEnglish
          21·
          4 hours ago

          TBH I don’t see a reason why something as simple as a password manager needs a server, selfhosted or not. I don’t get the obsession with syncing everything, so would rather stick with normal KeepassXC.

          • Synestine@sh.itjust.worksEnglish
            2·
            3 hours ago

            Have you never lost your password device (phone, laptop, etc) suddenly and unexpectedly? That’s when you really want that file synced somewhere else. But then it’s too late. Bonus on many password vault servers is shared folders, so one can share their garage door code with the family but keep the bank account details to oneself.

    • umbrella@lemmy.mlEnglish
      1·
      11 hours ago

      not the first time i hear this though. im skeptical until proven otherwise