Passkeys - WTF?

by Animesh - Aug 22, 2024

Sometime back while researching about auth, I wrote a post about passkeys.

It has been 7 months since, and everytime I have come across a passkey based auth on the interwebs, I have been utterly confused. Github for example, shows me a link to login with passkey, making me believe that I have one for logging in to Github. I don't think I do. And even if I do, I don't know where it is. And if I am not sure where it is, I hope it cannot be misused.

I can write a longer post about this, but a cursory search throws up many that voice this same mess

• I Stopped Using Passwords. It’s Great—and a Total Mess
• Passkeys are a mess
• Passkey use confusion etc.

So I take my words back. Implementing passkeys on CoF is a hard PASS.

[Update 2024-09-10]: Thank you DHH for agreeing - Passwords have problems, but passkeys have more