Article discussing the push for passkeys as an alternative to passwords, including numerous problems associated with passkeys like big companies' agenda, complicated proprietary implementations, vendor lock-in requirements and dependency on smartphones, dubious value for ordinary users, and misplaced purpose and value, hype and security, lax IT practices and constant private data leaks, psychological reasons why modern Web and email are interactive and phishing-prone due to profit-driven design, wrongness of clickable links, practice of information-only communication, severe implications for privacy and freedom in so-called modern solutions, some other observations, and more
I think the author identifies the correct issues, but this isn’t an argument against passkeys as a security measure, rather against their inevitable use by corpos for data harvesting. I hate it too tbqh; I’d rather get hacked on some disposable email account with a random username than have to hand over my PII, money and mortal soul to Google for extra sec. At work it’s a different level of shit entirely. We have SSO behind SSO behind SSO. The inept overseas coworkers don’t understand the arch of the company they got merged with, nor the concept of legal compliance or ISO; they’re running the entire sec programme into the ground to bring it under AD in a way that directly compromises their AD, when nothing in any of our orgs even uses Windows in any way except theirs, where they drink the M$ Kool-Aid. If this job wasn’t so comfortable I’d be depressed just thinking about it.