alt Hacker NewsThe subject here is literally websites trying to push passkeys on users. That is who is asking us to.
About every week now Amazon tries to trick me into creating a passkey. It doesn't even ask, it just goes ahead and triggers my browser passkey creation mechanism without my consent. PayPal recently tried to force me to create one too and I had to kill and restart the app because that was the only way to skip it. I'll stick to my password with 2FA, thanks.
Replies
We have now gone from having to “redo everything” to being asked to switch to a passkey by a grand total of one website.
I’ll be honest I’ve heard a lot of griping about passkeys but I have gone out of my way to switch over to them and have had precisely zero issues over the dozens of sites that I’ve bothered to make the switch on. Login flow is simpler and doesn’t rely on a browser extension guessing at login fields or trying to figure out when passwords change.
Sometimes the new thing really is just better.
It's wildly obnoxious that browsers don't let you generally suppress these prompts.
And if you take the nuclear option and strip your browser of WebAuthn support, then you obviously can't use any passkeys, which doesn't work for me - I have two sites where I do want to use passkeys (because it's the only way to avoid SMS-based MFA on every login), but I never want to see passkey prompts for any other sites.