yeah that’s totally true, but usually modern devices ensure that the passkeys are protected with a PIN or some biometric security, so I think it’s at least as strong as having a password manager on your device that can be unlocked with a PIN.

not really sure what you mean about “out of the ordinary” logins - it sounds like you’re thinking about phishing risks? but remember - passkeys cannot be phished. they verify the identity of both sides of the authentication token exchange - the server verifies you, and you verify the server. If you only use passkey authentication, you are safe from being phished. the most secure system would be one entirely without passwords/oath totp

TOTP 2FA is less secure than passkeys. 2FA TOTP keys can be phished. Passkey authentication cannot be phished. This is a security improvement which can make people completely immune to phishing attacks. That’s huge. And it doesn’t have any privacy risks, no loss of anonymity. It’s an open standard.

This is, objectively, a rare example of new technology which will make the world better and safer for us.

i’m not an expert by any means, but from what i understand, most symmetric key and hashing cryptography will probably be fine, but asymmetric-key cryptography will be where the problems are. lots of stuff uses asymmetric-key cryptography, like https for example.

microsoft rn:

✋ AI

👉 quantum

can’t wait to have to explain the difference between asymmetric-key and symmetric-key cryptography to my friends!

I think their comment was tongue in cheek :) like they’re saying you need to pay for server maintenance

It’s also gotta be one of the worst sentences I’ve ever read, yikes. Maybe get an editor to look it over.