undefined | Better HN

0 pointsuyzstvqs9mo ago0 comments

Passkeys are the pinnacle of bad UX. It just works, until the user tries to switch devices, accounts or platforms. The slogan of passkeys should be something like "I don't have a password, it usually just works, but now I changed X and it doesn't work anymore". Even worse is hardware-based 2FA built into smartphones (also FIDO), as you lose your phone in a lake and now you can't access anything anymore.

The way to go is an encrypted password manager + strong unique random passwords + TOTP 2FA. It's human-readable. Yes, that makes it susceptible to phishing, but it also provides very critical UX that makes it universal and simple.

0 comments

johncolanduoni9mo ago

Apple’s works fine, including when I’m logging on to my windows machine. Opening the camera app is a little annoying, but I don’t have to do it frequently. 1Password works well too and it runs on everything. There’s open source options, but I can’t attest to their UX.

oidar9mo ago

Apple's works fine until you don't have access to your apple devices.

smallerfish9mo ago

That's fine, but Chrome has 67% market share, and the majority of people will pick the default option for passkeys if prompted. For passkeys to replace passwords it's got to be seamless and easily recoverable without compromising security.

yunwal9mo ago

> the majority of people will pick the default option for passkeys if prompted

Especially since Google doesn’t allow you to change your personal default which is what convinced me to go and switch all my accounts off of Google SSO

johncolanduoni9mo ago

I’m not sure what you mean; I have multiple passkeys on different platforms for my Google account (and a few similarly important ones).

johncolanduoni9mo ago

So we need to make a new open standard, and then somehow prevent Google from implementing it? Too badly they implemented TOTP too. I’m not sure what you’re proposing here.

smallerfish9mo ago

Did you see a proposal? I'm merely pointing out that there's disasterously poor UX lurking in the #1 platform that users may encounter passkeys in. It's not ready to send out to normies without more work on it.

airstrike9mo ago

Yes, it really is a shame that Google Chrome has dominated the market since the very first browser was created.

1 more reply

odo12429mo ago

Bitwarden is really good for passkeys, better than apple's password manager imo

PartiallyTyped9mo ago

I use protonpass and it’s great, carried across all my devices and browsers.

j / k navigate · click thread line to collapse

0 comments

johncolanduoni9mo ago

oidar9mo ago

Apple's works fine until you don't have access to your apple devices.

smallerfish9mo ago

yunwal9mo ago

> the majority of people will pick the default option for passkeys if prompted

Especially since Google doesn’t allow you to change your personal default which is what convinced me to go and switch all my accounts off of Google SSO

johncolanduoni9mo ago

I’m not sure what you mean; I have multiple passkeys on different platforms for my Google account (and a few similarly important ones).

johncolanduoni9mo ago

So we need to make a new open standard, and then somehow prevent Google from implementing it? Too badly they implemented TOTP too. I’m not sure what you’re proposing here.

smallerfish9mo ago

airstrike9mo ago

Yes, it really is a shame that Google Chrome has dominated the market since the very first browser was created.

1 more reply

odo12429mo ago

Bitwarden is really good for passkeys, better than apple's password manager imo

PartiallyTyped9mo ago

I use protonpass and it’s great, carried across all my devices and browsers.

j / k navigate · click thread line to collapse