I code and do art things. Check https://cloudy.horse64.org/ for the person behind this content. For my projects, https://codeberg.org/ell1e has many of them.

Cake day: July 16th, 2025

  • Passkeys seem to be advertised in ways that put people off:

    • TPMs, Secure Enclaves, etc. are deeply closed-source and security by obscurity. Until there is an open TPM implementation available, many users may prefer not to rely on them. It seems like KeepassXC allows circumventing TPM for Passkeys, but most people probably don’t know that.

    • Too much “trust me bro, my cloud is safe” advertising from big Passkey advocates like Google.

    • A classic hardware key may be indistinguishable from a normal password being entered. But Google has announced they want to push passkeys against users’ wishes here: “Is opting-into passkey mandatory? No, […]. However, over time, as users become more accustomed to passkeys, we might limit where we allow passwords to be used because they’re less secure than passkeys.” Again, not a great look.

    • Collecting biometric data is always dangerous. I’m aware that Passkeys can be used without that, but many people may be put off before they realize that.

    I think that’s why Passkeys have poor adoption among privacy advocates, even though most problems seem fixable.