alt Hacker NewsIt's not ideal but there's been some progress.
I'm not sure we can blame Google for not pushing their Authenticator more, most services have been dead set on SMS and are now slowly moving to Passkeys, probably for the best.
Replies
I don't want Google to push their Authenticator, I want Google to retire their Authenticator, implement TOTP codes in their Passwords app (it's very trivial to implement) and implement passkeys on Google Chrome Linux (now those are not trivial, but if they push passkeys so hard, they could at least implement them). I also want to be able to store any items in Google Passwords manager, like ssh username/password, my bank cards, software serial codes and other sensitive information (again trivial to implement, just provide me multiline textedit with notes). I also want password generator in their app. I also want to configure multiple domains for entry, like microsoft.com + live.com. Are those big requests? I don't think so.
Passkeys are going to make these problems much worse.
What do you do if google/ms/apple won’t let you log in, or you lose a device, or you lose your phone?
If the answer is “there’s an account recovery path involving a password”, then just accept passwords!
If the answer is “recover the passkey provider account”, then that forces everyone to have a single password / security question / whatever that grants access to all their accounts.