alt Hacker News"Passkeys" is a new brand name slapped on an older open, interoperable technology, so it's difficult for me to be "against passkeys" as they haven't fundamentally changed anything.
Before the branding they were known as FIDO2 "discoverable credentials" or "resident keys".
Two things have changed with the rebrand:
1. A lot of platforms are adopting support for FIDO2 resident keys. This is good actually.
2. A lot of large companies have set themselves up as providers of FIDO2 resident keys without export or migration mechanisms. This is the vendor lock-in part (no export feature), but it's not a feature of the underlying tech itself.
Fwiw FIDO are actively working on some standard for exporting/importing keys so that's something.
If you want to use passkeys without lockin, just use Bitwarden or KeepPassXC - they all have full support. Or you can also store a limited number of passkeys on your FIDO2-compatible hardware key like Yubikey or the open-source Nitrokeys.
Replies
By the way, notice Yubikey did not really release any new series/models and jacked up their price in just a few years. About 50% in 4 years.
The large adoption of those devices and standards did not lower the price.
They probably just banked on the enterprise market where every CISO was pressured to tick the hardware/2FA checkbox. And is then gonna allow to use the Microsoft/Google "software" one because it is hard to manage otherwise.
Passkeys would be wonderful if they removed remote attestation. Remote attestation is still there, so I will not touch it.
Except the FIDO Alliance is trying to pressure KeepassXC to remove exporting passkeys in an open format: https://github.com/keepassxreboot/keepassxc/issues/10407