and thank god for that, i’d been saying for years, webauthn is great tech which will never be adopted by normal people, because it had an awful name. luckily we were able to just call OATH TOTP “two factor authentication” or that would have been totally DOA too. I got big hopes for passkeys!

everyone is sick and tired of tech promising to make the world better, only to make everything worse. i totally get the mistrust, the feeling that this is probanly just another trick from big corporations to steal even more of your privacy. i know much better than most people what it’s like. i know you’ve got no real reason to believe me, i’m just a random silly gay furry boy, but, trust me, in this case, we should be adopting this tech. if you’ve got family members or friends who are more vulnerable to phishing scams - often scammers target the elderly - i’d really encourage you to encourage them to set up passkeys. as always, i strongly recommend bitwarden - it can manage passkeys and sync them between devices and it’s totally secure and open source.

much love & solidarity!

yeah that’s totally true, but usually modern devices ensure that the passkeys are protected with a PIN or some biometric security, so I think it’s at least as strong as having a password manager on your device that can be unlocked with a PIN.

not really sure what you mean about “out of the ordinary” logins - it sounds like you’re thinking about phishing risks? but remember - passkeys cannot be phished. they verify the identity of both sides of the authentication token exchange - the server verifies you, and you verify the server. If you only use passkey authentication, you are safe from being phished. the most secure system would be one entirely without passwords/oath totp

TOTP 2FA is less secure than passkeys. 2FA TOTP keys can be phished. Passkey authentication cannot be phished. This is a security improvement which can make people completely immune to phishing attacks. That’s huge. And it doesn’t have any privacy risks, no loss of anonymity. It’s an open standard.

This is, objectively, a rare example of new technology which will make the world better and safer for us.

i’m not an expert by any means, but from what i understand, most symmetric key and hashing cryptography will probably be fine, but asymmetric-key cryptography will be where the problems are. lots of stuff uses asymmetric-key cryptography, like https for example.

microsoft rn:

✋ AI

👉 quantum

can’t wait to have to explain the difference between asymmetric-key and symmetric-key cryptography to my friends!

It’s also gotta be one of the worst sentences I’ve ever read, yikes. Maybe get an editor to look it over.