OK, infosec pros: Is this the panacea so many are making it out to be? I understand the benefits, but I am concerned with the greater reliance on biometrics. Unless they bring back iris scanning on phones [pouring one out for my GS8].
//
Tech giants want to kill off passwords. Here's why they think passkeys will change the world, and what that means for you - ABC News
https://www.abc.net.au/news/2022-07-14/tech-giants-passwords-passkeys-apple-google-microsoft/101184382
@voltronic
Bad move. Biometrics can be used against your consent. Passwords, codes, 2FA cannot.
@ArcturusSaDiablo
Great point. I've heard of police holding phones up to detainees' faces to unlock them without consent.
Reason 1 why face unlock is a terrible idea.
Yeah, face unlock is the worst feature ever added.
I like devices that have a lockdown function which switches off the fingerprint scanner, face unlock, etc. And if a device hasn't got a lockdown function, there is an app you can install that gives you the lockdown function.
In reading the FIDO spec, it calls for and encourages open-source, third-party implementation. It also calls for supporting hardware keys and other non-biometric authentication.
But the details are in the hands of Big Tech to implement.
All in all... I believe this is a very good step.
@corlin @White_Rabbit
The biggest positive I think is (someday) putting password DB breaches in the past.
@voltronic I hate biometrics. The security people at my old job used to hack into their own computers just for fun using biometrics and white glue (take imprint from password finger with glue, use your thumb and the glue to log in, stuff like that). We weren't allowed to use biometrics.
Which is fine by me. I find they often don't work, and kick up an even worse fuss than entering the wrong password (and for the record I'm pale, so it's not the racist product development, although also that).
I would feel much better if logins required entering a 6-digit PIN AND biometrics on the device.
Given that this was pushed by FIDO, will there be open-source and platform-agnostic solutions, or will we all be locked into using Apple or Google phones for this?
Can there be an option not involving smartphones at all, such as current USB hardware keys?