🆘Bill Cole 🇺🇦 on Nostr: Amen. I’ve read a few critiques of #Passkeys; they all seem to miss the mark. It is ...
Amen. I’ve read a few critiques of #Passkeys; they all seem to miss the mark. It is early days still & the real problems so far are quirks of specific implementations. It also seems that some people don’t get that the point of tying a private key & cert to a specific *trustworthy* device is to make it non-portable, unlike a user+pass or user+pass+TOTP combo, e.g. in a password manager blob being tossed around like a bong with a half-ounce bowl.
#InfoSec #WebAuthn https://digipres.club/@dsalo/113318092325311618