These recent articles are
The published date on the article says March 12?
For me it says March 8th. Read time is 12 minutes though.
I swear, a few minutes ago it said March 12. Could be a bug?
It was originally meant to be on March 12 but y’all are getting it early now haha
Haha. Funny enough, I was looking into passkeys the other day. I tried them out with PrivacyGuides and I was like “What?! That convenient?” I was also curious about the security advantages of passkeys. This article sums it up very nicely!
Thank you, yeah I was surprised how convenient they are the first time I tried them out. My parents actually go for them as well whenever they’re available.
Second this! Great job @fria! I have been trying to get everyone to use a password manager.
One question, I’ve noticed you can add multiple keys similar to hardware keys on sites. Is that a requirement of FIDO or at least becoming standard?
That would supplement password sharing in password managers.
Edit: If magically all websites implemented this today, would this remove the need for hardware keys?
No, I don’t think so. An issue still with passkeys is that they’re not tied to one specific device; they’re designed to be able to be synced across devices. So an attacker could hack your password manager on your phone, for example, and get your private key. Hardware keys are still really useful since they’re secure against that kind of attack (although they’ve had vulnerabilities in the past, so I’m not sure in the real world how much better they are really).
It’s definitely a recommendation by FIDO:
It doesn’t seem to be a requirement though.
I think it is already pretty common for the sites that do, so hopefully that trend sticks.
This has me trying to think of a good balance between having a hardware key and now passkeys as they become a more ubiquitous option.
I’ve lost two security keys and it’s just something I do and have it as part of my security model to lose them, but I hate that. I’ve legit considered getting a programmable skin implant: The microchip implants that let you pay with your hand
Pretty cool to see some of the history behind the whole concept of passwords in this article. Understanding ‘how we got here’ is so important to understanding the context in which we think about what’s next. Keep up the great work!
Thanks so much!
That’s the idea behind passkeys I think, bring most of the security benefits of hardware keys while providing a lot more convenience and assurance against getting locked out of your accounts.
The idea of this makes me squirm haha, I’d rather just use my phone.
Essentially, password managers try to eliminate the human error element of passwords. But in doing so, they introduce more attack surface: you now have a repository of all your login credentials conveniently located on your device, so if your device is compromised, all your accounts are also compromised.
Little correction.
Attack surface ≠ protected amount of data
The password manager itself has very little attack surface.
The attack surface would rather be the OS.
Yes, no passwords would be great but there is currently no incentive for companies to make the shift, and that only happens if people gave a damn about security. What was the incentive for companies to switch to HTTPS? Hoping something similar could happen.
Will wait until we have open and FOSS implementations on all platforms until jumping on the passwordless train. Currently, you need Google Play Services to use FIDO2, so no thank you.
I briefly tried to set up a Passkey (Security Key) for Proton on computer using KeePassXC. For some reason, Proton just kept saying
Something went wrong registering your security key. Please try again.
Maybe Proton does not accept KeePassXC as a Passkey. Will try a few more other services but not holding my breath.